Extracted

• • Target

    7f2793bc433c656550f8c4e3f8f410abdff298b3a693ec117c0eebe28497aa8c.exe

  • Size

    731KB

  • MD5

    cddc45ba30e23c3564068ac97d72fdad

  • SHA1

    da9b3a144f3ad988531befa2badf696a5a7830a5

  • SHA256

    7f2793bc433c656550f8c4e3f8f410abdff298b3a693ec117c0eebe28497aa8c

  • SHA512

    ab34b422a265dee218afdbd2a2f6938b29d5266682f232d071295ac066de3e7516b18687032869551e0e23a0a705402a9e45143f13e69ea6fe7714e7a971298d

  • SSDEEP

    12288:A4mZ1qtmauSkPccuktWLsw4+r95i3knujS7rYrXwPofTTPLr+Qv:Na1RauAc7gL4i27e7rYrXwPaTGG

  Score

  10^/10

  agentteslacollectionevasionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2