Extracted

• • Target

    9cd6d14a5254897728ad190b51b1b370c64aa9756552176fcd75b59949846ee8.exe

  • Size

    478KB

  • MD5

    84205b27ef7b09d1c14730cbe5bc644e

  • SHA1

    c075e1ab7b246c09c79df38839a36796a64c5719

  • SHA256

    9cd6d14a5254897728ad190b51b1b370c64aa9756552176fcd75b59949846ee8

  • SHA512

    1bbe3a2145ad0650ab2976479a7bc452d9c06f876815d2e2543fc44d1136518cc915c6582ac6ad70cc1480939935a4f76bddc94a7f700492344e3bc27e796b76

  • SSDEEP

    6144:l6Uqd2GhN0hoFA8YB+yqV2ax7D4AFc7xooWm3lLcLctuW6Gt6MTZ7e65oq/t9ch/:cUi2iNqoC8xrMANWLcu2wZy6XS/kq+u

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojancollectioncredential_access

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2