Extracted

• • Target

    FWD_2020080317368428389989134962381931603322231765263557.exe

  • Size

    730KB

  • MD5

    0d61b4602c75404e9602028386be0b64

  • SHA1

    205e954e6482520aa4b0a83010839d4e2a74a3ad

  • SHA256

    b5f13642aea2fab7e7172b1b93f7d154e80b1675de919b4b7b9f0c5b943ab67e

  • SHA512

    705687cbf0fa908945b7b81252e493a42e26a3fdc0f74b2c9018776399d00b3657218ef3bb280010b6ae9b68937da74681ab0b4c2b2b0c0f5bab3f8e9a789c69

  Score

  10^/10

  agentteslaevasionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2