Extracted

• • Target

    92aff680ae646607e5d30fd43bfb66d8d765b7bcf7ffc0aacb65c389358fc528.exe

  • Size

    832KB

  • MD5

    719d1025c292bfee9c1df6903bb1c3ac

  • SHA1

    d23fe682c242dff7446d9661cb6045e742666ebc

  • SHA256

    92aff680ae646607e5d30fd43bfb66d8d765b7bcf7ffc0aacb65c389358fc528

  • SHA512

    1d64abb7b77ed94c8d63a0dddf00b5b00b108ee20c320a8263e83d9bc23013bfeb1e3dbb03b171e3beee03b16111fc9349de2380943d5d960a67f55b94cbb1c1

  • SSDEEP

    24576:EeWtb3BErWwO8+LXvon7qikP22ctGhJHfAAb/F:ENZBErO8+sn1J2sG/HfAAb/F

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect packed .NET executables. Mostly AgentTeslaV4.

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects executables referencing Windows vault credential objects. Observed in infostealers

  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

  • Detects executables referencing many email and collaboration clients. Observed in information stealers

  • Detects executables referencing many file transfer clients. Observed in information stealers

  • Suspicious use of SetThreadContext

  behavioral1behavioral2