Extracted

• • Target

    PqtuwQbAQoqcY27.exe

  • Size

    468KB

  • MD5

    b77e4a6f2c6abab6cf1dc6d4ab5dac2a

  • SHA1

    a9c585aac523a7d643b5fbf5c6e722123a5f9dde

  • SHA256

    bc83ce6a585ef0217f5088832b31be76b70a4e3b2c6e8212995c64cf71b7ded4

  • SHA512

    331977a56172144cf6c8d21ec091a3b913c7815242433335651a5d1c99c4b11a484246fc5b5fd05c89fdc54b64a8731f136c3698c646d1b8b9b753da3388bdc0

  • SSDEEP

    12288:yUi2iNrIEj0Oh09Nibsrmroee/8r5Z1x:yUi1hIyMSs6y/WXx

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2