Extracted

Extracted

• • Target

    edb50e85473329f205f9cde2fca57605b2dcafca75c12c9da52632bfc4249f26.exe

  • Size

    962KB

  • MD5

    74421477fafaf6beb9d8e3806e1f6643

  • SHA1

    44857e574c1892ef8a3f8c8f41c5c0c0aab20b83

  • SHA256

    edb50e85473329f205f9cde2fca57605b2dcafca75c12c9da52632bfc4249f26

  • SHA512

    d8c0c0a2945818d8e7acac55af35a53e7352326a7ec28e04edf5326e7cc5aa2e67983d800da3e1b7a7a3a6bd3942e5306c7b0037e338a2ef00be266a7b39c3c2

  • SSDEEP

    12288:TxaMaSzOKy2r7SPNvZlu+RNen3gV8zhcfP7neAs:TYMaSSKy2/SPNLvRNeQV8lcfP7eX

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2