Extracted

• • Target

    6907fdf96d8bb9b3158e1dab0f791a9e37455a3deb75180684d136a1763c1085

  • Size

    529KB

  • MD5

    86a3751e8eb4d39857ae23244f951e87

  • SHA1

    82aef8058675303f13b71eb77ba5748af711fde1

  • SHA256

    6907fdf96d8bb9b3158e1dab0f791a9e37455a3deb75180684d136a1763c1085

  • SHA512

    8933895e307a15949a2e91b2eebfb95cc79f7b3f757591e9c65d84fc460931c23d13b3fed6e9c9ca5cc8db80a06696d0937855c1841421a5a0d5f66cf1571005

  • SSDEEP

    12288:knz6hGIgUqUOgh7o9iVEcVLLx6LZ/Nb4eyKMXg/:EXUOghEvcVLLsLug

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2