Extracted

Extracted

• • Target

    c6ce9ff77da08fa01b83d2a188bb925eac04133ed6264b5ad90b7b0de8cddca5

  • Size

    633KB

  • MD5

    793a83b27d09ccf51a1679a5f4ab3d80

  • SHA1

    3f9b5517c025e154d92f28f6b1c283a7e0cb0ab1

  • SHA256

    c6ce9ff77da08fa01b83d2a188bb925eac04133ed6264b5ad90b7b0de8cddca5

  • SHA512

    e17ccb50bc0a258f7530f34b5c9a517b9399150ea81b5b6edfa02d583928491b566ba124b1e61e90526de6eff67c82df0f71e58dbf1dfaf9323b1143fb40a6d6

  • SSDEEP

    12288:hzAgFdJxf2WMiQPIt+HCQOcFNLWrEawmJ3bxfeA8FjM2LYmGLw2Cb8uD:9AgJxf2WMiQPakbaZ3bx+M2jGLTo

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2