Extracted

• • Target

    fe1daed50c5c7dda4e786a95583e59e9d5d963714ba91c7350877e6cd83e0748

  • Size

    1.1MB

  • MD5

    cd93b224ee862a38e3d073d2bfc4e7fb

  • SHA1

    88e2f26363506aafca9aebc889948253a9c1cca2

  • SHA256

    fe1daed50c5c7dda4e786a95583e59e9d5d963714ba91c7350877e6cd83e0748

  • SHA512

    a3850f2d17a1fe87ce94ce748126d3f8115e452acfa21a872abed0b7d086e9e13f5b33a3db577e51bd9febf3b6fd4d38a45a5d3fb31dbd6edaefbc241affbb8f

  • SSDEEP

    24576:xO2j8/LL5X8jGW8Ii+oAZbY0xplJaHYTVQZPPIF:Q2j8PgBxoAS0BJIw2P

  Score

  10^/10

  agentteslacollectiondiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2