Extracted

Extracted

• • Target

    product.exe

  • Size

    656KB

  • MD5

    b1ac03ad94ecd5f2fb1b3a9d3342e716

  • SHA1

    3d35e1e87e30c539b125be1c5f21a9426c3a2e97

  • SHA256

    70554a5acb001e1f249be0db181d505adcb62afcb9f97aae0fca99728fe6dfc0

  • SHA512

    1097c94bb364acab07df60afd185494303c4398e99b6199fa38750c2dc5568bea1f31e8d65f0ca6c8699705fa8648b3c8db7455b4b5b30e7e249cc986f67b2d9

  • SSDEEP

    12288:WcK1wNZRAqIh6HIT5FiNDrLj72Ggj8pjDuCwGhwM2ric4BrZ5PU7wIF:JlFIwdLX2x8pjyG1OizB1ZUDF

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2