Extracted

• • Target

    New Purchase Order.exe

  • Size

    1012KB

  • MD5

    a58b322c74d8dfba9c022607b0d0c26b

  • SHA1

    380f438ad2620f1582fe9b7d5b2ba84c3d6f3349

  • SHA256

    322a82cb52dd04f516915780a9eb9865e24bd284fedecf938e345270fa0f83b3

  • SHA512

    06d2ff7e199a1be0ca7357bb8e9bdbcc63f00d1082cab4ef086f344b6b88c00e2885db5e369329220463237558a43280b0d249349511ca9d6e01f8bac13f3118

  • SSDEEP

    12288:SLw5APwiU251kh53ZLsVOdl0160HQV7g5D+8Egpe0kOrZsEnGvjbLhsRuDIQoiCa:IPOoSbdlYHQVGioZNtrB3m

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2