General

  • Target: 5c18981837fc6721301b98e3f096a76826e9f6480023ca20502356ec83aacb65
  • Size: 761KB
  • Sample: 241115-clx7laxapp
  • MD5: a66373c0116b4e5afdf5c0c314b5e4fe
  • SHA1: 21598dbe4fc886f3b18fd73de9d8943c2a7998c8
  • SHA256: 5c18981837fc6721301b98e3f096a76826e9f6480023ca20502356ec83aacb65
  • SHA512: 6585f2ddaac37c046a0f9a59f774209ca699e4709ecb4a94a82ebb3ac6313a061256fd697075e1f60653fd84d6153e099381919b205c259a7fe7101cce5d4c53
  • SSDEEP: 12288:KkPAtlj3XUog+pht8LFOcc6WkFREIpEqynK3/tkpcoQSt8bqZCoW4Wki9WwzRm:eTpv8bWkbEIpunEKpFZb2fk

Malware Config

Extracted

  • Family: agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Unsecured Credentials: Credentials In Files

      Steals credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks