Extracted

• • Target

    20211104.EXE

  • Size

    936KB

  • MD5

    77694f1cfa30a4ea6c65be837dd013d9

  • SHA1

    e1ce7bf4c2ca9f342c12a56d9dcee84891f62f8b

  • SHA256

    248a39f30a5d874ed2c08048affc38d9fc6cce83e784e7bfe43f2ff41fc59258

  • SHA512

    ae7433c89d83fab3cb01c641ee2d7437c3dd0ac196219249cfd1e89f392a5d440d595141d3a4f6676fd8fa3bb41ac7dd6e51b5f1ec59109f8abe4d60a6a0b36f

  • SSDEEP

    24576:D8TAqbDuUBSOmS5aMy8282V5UZXq7afs:QDXBVmMa9URqGU

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2