Extracted

• • Target

    ed3164bb98a402b24a8f96552c01d24a577244ed9547e4d2458805fd8d2d9545

  • Size

    551KB

  • MD5

    486af240c971d660436bf37dfb3cfa7f

  • SHA1

    bbfd5d330f3a7dc5db2aebaac816e6cf9dc072b5

  • SHA256

    ed3164bb98a402b24a8f96552c01d24a577244ed9547e4d2458805fd8d2d9545

  • SHA512

    478e65690b1fa79d18875cb8d20a7f11eba38c6daa1ecb0ea4e02a82749c666610d4a42330614b0b835c567efee0e2d0c55d7c26c81a606245ffc35ac3fa0d68

  • SSDEEP

    6144:DGxhLKgImlvAm9O27MXyCXlgzyWYlR/mDT6xrtzRbSbgAldpPI2SQN4j6YFgYi:CCH+dU6MXyCXYyHlR/6TaJUJNNqCYi

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2