Extracted

• • Target

    Invoice Copy--SS21-22185.exe

  • Size

    735KB

  • MD5

    de14a9a68222535e7607d779bd765693

  • SHA1

    c5f7c6c381f94412c615c653b3d32fc0ff214c6c

  • SHA256

    403bb6e9dc90881b21455b962d27a1ccf555585645eb648ad3b29f94d9265aa5

  • SHA512

    9260891716b6f48bb1b2a9625ffff02b277e912630f876e110f8820153ecbd34eab8278b2d96d3e3837c185695b76b5ea35b7975face69aaed7d7bbaa846d575

  • SSDEEP

    12288:G+G82iNeHK7z8EzZ1q2hsKZQrwcflkNA7MqGzeejAZ2a/IGRUdZ4xCmrx/D:d1b/Phs2xcdwFq0ee62aAGRUX4xCCD

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2