Extracted

• • Target

    a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

  • Size

    1013KB

  • MD5

    a8cf327f63f544a6af4510fa03f74ccd

  • SHA1

    88a50f86cce5e13908926255fed532037831e389

  • SHA256

    a6cb24ec48c182bfa461e9a8a07bf66de2ded535473b5e5e5c6abca513132197

  • SHA512

    bf22da3f713be75aa0f8cc3a75ed24b982b4dd552080e961ed7d206b604417e9109a03511d7fa3044a6a90d1fd68414e20d198a632e2e7e25a29b6ef20666ebd

  • SSDEEP

    12288:nGFXPgj5yV2DFFXQeqwYX1XpgztJdszAcBoTCovmUCSFkgO/g7dAk+ude/icqchC:n4gWqQeSrWpV+otvmazO/gBAn

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2