Extracted

• • Target

    3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da.exe

  • Size

    1.3MB

  • MD5

    3303042547cb4d5dc136ffc5784fb9a6

  • SHA1

    e4eb7bd9a06e1ee4080140bf0cef295972978a39

  • SHA256

    3e02ed068e33bf8b1827f2108fb78224003df70055a6933717f4b8392faf17da

  • SHA512

    d251747d91b290195ae2d56e7034eff6dfdfb248b63bb00f18b8321f044941bfca80a357ded22dba7830f74e87928e80d6cc12754b191a4f7579d34c7fbe3809

  • SSDEEP

    24576:66EpKkF3Vy05wYK7WUTkH6s5KtDhLZK8/GBRDEMY3y0NjA1d2cO:FPbZ5hLIzBRD18HNjA1drO

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect packed .NET executables. Mostly AgentTeslaV4.

  • Detects executables packed with or use KoiVM

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2