Extracted

Extracted

• • Target

    QUOTATION.exe

  • Size

    567KB

  • MD5

    d3ed542fd3254ad1ecfa3946650ab71a

  • SHA1

    ae291f7e54e57c9cb0c7ed66db3d14ddc9664d83

  • SHA256

    57cb52e3ee3fda72557ac6bda9a94c641a3c03ac395ddfaefc9b068826048f0a

  • SHA512

    19de31b7a28c858de1d4c910fc67f63ebeeca952dabec793efe9ed0410d9de29e0bde18669e61bab74a989755cf39ae57b93725662ee19733250ea8ff15dacb2

  • SSDEEP

    12288:LcY0YrJN7lTUaX1caZLC+UQ2NSh7dKEzX/DsXlylSx1:L1n7221caZGJSnKEzXbsH

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2