Extracted

Extracted

• • Target

    63032694fda6a6094ff1907f9527ad3573e1b99878d2b94cb3edf3fd89a658ed

  • Size

    665KB

  • MD5

    c3bf00ae9523b4f315c2fd21de5897d3

  • SHA1

    d845b0609e0a4f91407a92bf4307c8cf43e72b4f

  • SHA256

    63032694fda6a6094ff1907f9527ad3573e1b99878d2b94cb3edf3fd89a658ed

  • SHA512

    505ac8d367d7a7f52e12a530601cc2221c6cd85dad4b312966ec02a33b1ddd48386d4add7e1ca0495f5349cd3f8c4082520cf4da2f846e632636a0733bc39b66

  • SSDEEP

    12288:Rbi8LkpEaW7M0Q8dOheM3G5xRYc0u8Oos5gtKxkHQJ2cww0HZ5dK6C:QjE5Q8OIZdYc0MqtKxu9Fh5

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2