Extracted

Extracted

• • Target

    SOA.exe

  • Size

    778KB

  • MD5

    4b87b32f26b417ddbaaa08391cbf3dfd

  • SHA1

    f870a7b9eec7352c7863f2491cabdb404cf53a0d

  • SHA256

    3729df5275a3dbba2ea3c90fac7796341a6d2c397ceb0bb5fc98b99a7f76df1d

  • SHA512

    5a7e97e4bba2a2cc4b3a3a4a623aa3cb5a252a776a4c9f796b5272d3c1d735bab8fbca2163421d7d3bf1bbe0d37b2a1f864227f2cb545323f9c1fd2339f1a0a7

  • SSDEEP

    12288:2KOlbxrEX0IO8Df3PScPgY93W2dyQ1DkJT39bH9usL9wJExi+ByD4RF3mrU:PX/f1PRxyQhkdlduJExi0yDgF3mA

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2