General

  • Target

    astUwsubHkAYH.exe

  • Size

    1007KB

  • Sample

    250105-rjf8mawngv

  • MD5

    aa1857577e2aa1b134e0627c862668e8

  • SHA1

    9460cbe805c3014214b1cfa3e9eb7f17df99ff44

  • SHA256

    f5815777d84f878c6c2d94c45c93352f563ab81ba2613e5063601a5d76f1637e

  • SHA512

    9328a5f7689ea64a466efff9316d3ce9e28a272e422d8a1b50df7f1a26c82d12afe22a935f8360d7bf9ec1d6457033190d07ef6520ca5b26113829c8a359c18e

  • SSDEEP

    24576:LATsIBMNjnNNOhAe/S0I1AuFdIeQCB6T7xczldUh3QFbVo5OrdMGuZ3WL8mcwE4+:J6WIeQC7UhAFRo5ORMGs3WJcA7

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      astUwsubHkAYH.exe

    • AgentTesla

      Agent Tesla is a .NET-based infostealer and remote access tool (RAT), originally written in Visual Basic .NET, that harvests stored credentials from browsers, email clients and FTP clients and exfiltrates them to an attacker-controlled endpoint.

    • Agenttesla family

    • Checks computer location settings

      Reads the country code configured in the registry (typically the GeoID under HKCU\Control Panel\International\Geo\Nation), most likely to geofence execution to or away from particular countries.

    • Reads WinSCP keys stored on the system

      Tries to read WinSCP's stored sessions, which hold host names, user names and (reversibly obfuscated) passwords; WinSCP keeps them under HKCU\Software\Martin Prikryl\WinSCP 2\Sessions or in WinSCP.ini when portable mode is used.

    • Reads data files stored by FTP clients

      Tries to read configuration files written by FTP clients such as FileZilla (sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla), which store server credentials.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved passwords on disk (for example Thunderbird's logins.json and key4.db in the profile directory), and infostealers routinely collect them.

    • Reads user/profile data of web browsers

      Infostealers routinely read browser profile data such as Chromium's Login Data database and Firefox's logins.json, which contain saved logins, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

      SetThreadContext on another process's thread is the tell-tale step of process hollowing (RunPE): the loader starts a legitimate process suspended, overwrites its image with the decrypted payload and redirects the main thread's entry point before resuming it.
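The file and registry signatures above (location check, WinSCP sessions, FTP client configs, email client data, browser data, Outlook profiles) can be reproduced as a small triage filter over Procmon-style events. The block below is an added example, not the sandbox's own signature code; the registry keys and file paths it matches are the usual locations of each artefact and are assumptions, as is the constructed event list. SetThreadContext is an API-level behaviour and is not covered by this path-based filter.

```python
"""Tag file/registry access events with the behaviour labels used in the
sandbox report above.  Added example, not the sandbox's own signatures.
Paths and registry keys are assumed typical locations of each artefact."""
import re
from typing import List, NamedTuple, Optional


class Event(NamedTuple):
    pid: int
    op: str    # e.g. "RegQueryValue", "CreateFile"
    path: str  # registry key/value or file path


# (report label, pattern).  Patterns are searched case-insensitively on the
# path tail so HKCU\... and \REGISTRY\USER\S-1-5-...\... spellings both match.
SIGNATURES = [
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\(Geo\\Nation|iCountry)$", re.I)),
    ("Reads WinSCP keys stored on the system",
     re.compile(r"(\\Software\\Martin Prikryl\\WinSCP 2\\Sessions|\\WinSCP\.ini$)", re.I)),
    ("Reads data files stored by FTP clients",
     re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)),
    ("Reads user/profile data of local email clients",
     re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
    ("Reads user/profile data of web browsers",
     re.compile(r"(\\User Data\\[^\\]+\\Login Data$"
                r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$)", re.I)),
    ("Accesses Microsoft Outlook profiles",
     re.compile(r"\\Software\\Microsoft\\Office\\\d+\.\d\\Outlook\\Profiles", re.I)),
]


def classify(event: Event) -> Optional[str]:
    """Return the first report label whose pattern matches, else None."""
    for label, pattern in SIGNATURES:
        if pattern.search(event.path):
            return label
    return None


def summarize(events: List[Event]) -> dict:
    """Group the paths of matching events under their report label."""
    hits = {}
    for ev in events:
        label = classify(ev)
        if label:
            hits.setdefault(label, set()).add(ev.path)
    return {label: sorted(paths) for label, paths in hits.items()}


# Constructed sample trace; pid/paths are made up for the example.
SAMPLE_EVENTS = [
    Event(4120, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(4120, "RegEnumKey", r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"),
    Event(4120, "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    Event(4120, "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    Event(4120, "CreateFile", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"),
    Event(4120, "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(4120, "RegOpenKey", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event(4120, "CreateFile", r"C:\Windows\System32\kernel32.dll"),  # benign noise
]

if __name__ == "__main__":
    for label, paths in summarize(SAMPLE_EVENTS).items():
        print(label)
        for p in paths:
            print("   ", p)
```

A single process touching several of these categories within seconds of start, as the sample trace does, is the pattern that distinguishes a credential stealer from a legitimate client reading its own settings.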

MITRE ATT&CK Enterprise v15

Tasks