Extracted

Extracted

• • Target

    651fc838a1ddf94087801a771da3632fdb1f463fb556730371877e2a8f3eb69f

  • Size

    241KB

  • MD5

    7059b9d555a40df0758ffd0cb6692353

  • SHA1

    82f736124863a7f891bc8eee89f8cb5a732de5e4

  • SHA256

    651fc838a1ddf94087801a771da3632fdb1f463fb556730371877e2a8f3eb69f

  • SHA512

    1e2dc0a1eb3c41311f7fa2d20b2acf68ce42d4c5f0ea96cf6d4332fd11d04810ac71e354b802b955e4f9ea1637bfc4f1f190f0997bbf5a59f07b565c460eb9b4

  • SSDEEP

    3072:Voe6WKeqr+fDdG8VaM7TUmN/jk2bHH5ewA+Z1J:Voe6WKeqqfDY8VNk2bH9Ae

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2