Extracted

• • Target

    0c38b5488a2c72a89b8bbcf9114d94578acb14b442ffa2d5715e5da9ba2a4be6

  • Size

    1.2MB

  • MD5

    d881b25107c15e6a403533b2fded497f

  • SHA1

    157a39b6cc0bf291ae562de3375ef1b6ecfde68f

  • SHA256

    0c38b5488a2c72a89b8bbcf9114d94578acb14b442ffa2d5715e5da9ba2a4be6

  • SHA512

    85acea38a31c7f7afd44ae410f1b5192ca4b2fb82242bdf83019e415d8ee51f8609ecf386689c62646eb853fb5827edb48d37607a1ed679970b0b826ea975b52

  • SSDEEP

    24576:gAOcZXQOsoYKjqsM3RwfksQU8OIgibj5HHeg/cbGOSMIKB4p:+boisM3afkXU8H335HdYGOSMji

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2