General

  • Target

    NEW PO #4076524335_2022-10-10.exe

  • Size

    453KB

  • Sample

    221010-n8f3dabheq

  • MD5

    a036c6f8d7e2030b3e34089492982613

  • SHA1

    5c702b21b03bdae15874d2f01fb689dbf652ce05

  • SHA256

    65e331380851f9aced88e0aa9e78e70d04131fa073c5278f6e7fbeb0dff82267

  • SHA512

    3292fd69f1209b424b9a7629bee14b0d580b5971a7a9b481050d4f9265f66b06bbc3e9ab4dbf6587cf6b3ba0bada869bc02e7ec3dbcb530dc8c41dd008d9a657

  • SSDEEP

    12288:7tqsuHdhA0S3GynVlKFuR1rqv4rG5sdq7ufFa9/Z:IdOEEkkLqY/da9B

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.nutiribio.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    zGNVO(l5

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • AgentTesla payload

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks