Extracted

• • Target

    rvjgwbak.exe

  • Size

    209KB

  • MD5

    dafb5f90a7e12d6c989b1b3be1ff45f4

  • SHA1

    f52402ea9c8a6fefb872ce51a2fdfbbc212225b5

  • SHA256

    0a840e0d003dbbe94510ba7ce6db2c41e5bcdbe4d8dfcb8f1a8b0f15d710419d

  • SHA512

    137ed2f3c0786f83731069eef0cb38643d268040065d3a3b5d5a0ddf9da32ca9bc1d58916ee2b4f6179e9c328f7ecc810aa9a94523b2d8c63a15a39fe8203635

  Score

  10^/10

  agentteslapurecrypterkeyloggerloaderspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect PureCrypter loader

    loader

  • PureCrypter

    PureCrypter is a loader which is intended for downloading and executing additional payloads.

    trojanloaderpurecrypter

  • AgentTesla Payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2