Extracted

• • Target

    IMG_0009786R445TGUH.exe

  • Size

    423KB

  • MD5

    f6cec1316813848e64a78fe3d6d29386

  • SHA1

    ee1422deba8ead728f95c22c2b0ccfb984c00c33

  • SHA256

    2b9ac04e330dd1d57544561da42bd8826c516e16b1acb6e70aa07d38f8152cde

  • SHA512

    174e73448b7a1d9002deb0957c33e5939601ba0c79038f33d00e16bf0548ffdbd0165754d52f8b830a517bc499c58e755d6926b902fc02225fbe63e488c208e0

  Score

  10^/10

  agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • AgentTesla Payload

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2