Extracted

Extracted

• • Target

    fe7e4fad0465e0981d2a6bc4bd6c3ea478aeb828f963113cbf6d86dd29c1bf7a

  • Size

    705KB

  • MD5

    31cb8959556fee6da7bf47bd5955bbec

  • SHA1

    baf2ae4f900d3fb2ae02a09d8b8a7e5df5fb0823

  • SHA256

    fe7e4fad0465e0981d2a6bc4bd6c3ea478aeb828f963113cbf6d86dd29c1bf7a

  • SHA512

    a490eb911285294df2ef7338218d98f0b20c14586dda67b357002f00ca7927022d00fccb369fd6ddcd7640a11b0385e78e089dab17f2c567c0374065b34777fc

  • SSDEEP

    12288:wbyi2x14+GB99rOmY3rf5kx4wNtGp43TqiaqhflgbYARaWJ1sn52QJqQdRlF6wWy:naB78hkywrj3miaqhfl2YARPc52QJ/RN

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2