Extracted

• • Target

    soa usd 88,362.exe

  • Size

    960KB

  • MD5

    0e4b935de0d3a5f7f55dcc7e2895e8fa

  • SHA1

    1232483ee0d3d6a4ece0237247d9cd5b9c36dcaa

  • SHA256

    31e49f1d5620418ef41da80331c1f3bfb578566ab0fdf53fc9890919a9896af5

  • SHA512

    bf6a34a956182b69aeb3b2113d01a250f5b81e7534386cab02fbf49fce8dc99f412883c59f460c1150e8c9f5f793b0277e36418076c5770b48b57efb1ed8da96

  • SSDEEP

    24576:1GYAKI2iimCOvCF6oiFKjqcqJDxwg5+Rka:1GYpX9mk6oNjwJ7eB

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2