Extracted

• • Target

    0c151eef51e6060e354a9924f92abc21e3910cfbfe480b0924f2c9d3b12f4c4a

  • Size

    2.1MB

  • MD5

    a7f31885f9026b8fa117481594c0447b

  • SHA1

    2fe0214176a9ab675eb7948f46c0a22ee2c0e28d

  • SHA256

    0c151eef51e6060e354a9924f92abc21e3910cfbfe480b0924f2c9d3b12f4c4a

  • SHA512

    bbe3cb48f2e46941318adbd3090afa4bc45767da8350dde6e36e2c410d5d2c7d9bb1c36e3395df3322befd9ca0fc4abf9171232bb03420e5b3bde42fc37ad982

  • SSDEEP

    24576:eVgK1+jkSmbE0YjdlaXF+1OoF0M1e6cIvBMFdnLvZhbvcv1h///73BGkTbrWR0:cZuX2KjLOoiaMD7ZK1VLdbrWR0

  Score

  10^/10

  discoveryagentteslacollectioncredential_accesskeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2