Extracted

• • Target

    71037728ddcea1b094b4bc48fa92b2a0895f009f17e0e9354a3dc5fb0077e8bc

  • Size

    888KB

  • MD5

    b420cd9c5eefe5c4b1a80958476ceef2

  • SHA1

    ec9bad3fe35f25be002005011bbec029af4db4dd

  • SHA256

    71037728ddcea1b094b4bc48fa92b2a0895f009f17e0e9354a3dc5fb0077e8bc

  • SHA512

    13b43f836e34385003aef7074f355100481ddf46ab556f4094ee0cef0b8ef4233d90e83579b8ef15d63e91648d9e62271f91fafe40e9e69e1885430bb9aadb2a

  • SSDEEP

    12288:1x57XCkfrx+nYdx6BsfSzOIHPOG9+G1cPAoThlfRIbGtYJD1vLz/7CWV0PATpS9b:tX+Ydx61/P19+LhlfRyXjf4uNcb

  Score

  10^/10

  agentteslaneshtacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2