Extracted

• • Target

    BANK SLIP.exe

  • Size

    760KB

  • MD5

    d393aad5c675713f584e544567808d39

  • SHA1

    a99d3608e387a7ae8d96425175256f4457212d42

  • SHA256

    8bc545b58c8b9911767e43686a1c4d9b5051bef4bd2c788d1a961c28aaadad1b

  • SHA512

    c52147b823949d67521de15dfc9636c46b92e49efe5c203a55aa8117c8f6b9764f7a6cd61e47029f947c09bafd7e9eaec4db4d13361848383a8541e17e79422a

  • SSDEEP

    12288:UTtbXTBjy2odVqemgEAVKOiVcGEdaL7Q:UTtbX1Vemgt4DVcFdaXQ

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2