Extracted

• • Target

    AMD129 Spec Request for Quotation and Fastest Shipping Time - ref21092020 00933.exe

  • Size

    534KB

  • MD5

    0ebd6dce521fed21eb984c1fbdd71afe

  • SHA1

    53bb50396ce3cda6778a41ddb199a959d9d12766

  • SHA256

    c177ff9cb3b786e48a9dd68a932aa64d489851293162caa2ec8fd9eb14ea0c35

  • SHA512

    36a91170dbef2d79dc1b8055f4f9dfa286575f4c9ba963e7229cfee076435f07dee9cd7e9b32293aeb442ed3dca3805cde686ead3922fae0eae3e303bb9a3cd4

  • SSDEEP

    6144:purVvGt4mbGJgoZZcX9ETIvBZo/TZgcvtcZQdnRnZGVaknx+lDAA:pdtdggcsUI5ZodnvtcZCnRn07wdAA

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2