Extracted

• • Target

    09e4a87a6008ceff27423dbca245888f.exe

  • Size

    300.1MB

  • MD5

    09e4a87a6008ceff27423dbca245888f

  • SHA1

    75421ba696dcadc9374c861946feba1ba61850b1

  • SHA256

    a3651d8b7f6bd588cff17dc6107b5bb9444d64966d32c101444e85adcf10477d

  • SHA512

    b2227c09f05e8d516372685ccfe7fbf29666853a2b55ddbd3be404669eaf6d41e54a5feb86b6542dcac347a05caf8b8ce42c7be4262f7a6202efdef2838e60eb

  • SSDEEP

    192:4YTgagCLAWvAZaMDgz/NCtlLrb8stYcFmVc03KYS:4vaXLAngAgDNGprbptYcFmVc03Kx

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2