Extracted

• • Target

    Re Overdue_2022 & payment reminder.exe

  • Size

    899KB

  • MD5

    65f91978b009e38d5c12c1c8e6b750d9

  • SHA1

    b2706dbbe0a417030e9288851276113a4ff59fc5

  • SHA256

    5b9beaf5bcc7cdcf72bf643b20bb15027536aae92fa0f33cdffbd02cf7297cbb

  • SHA512

    25c660e2f807b87f29caca8d322398e0ab40e0705be7a9220aea1c09bea9142a64514919eb962c4ab373b17821df8afe2d144371f5278fd3db582cc0a6b2a254

  • SSDEEP

    24576:RMRYTynuUNAisQeKddJgQQhTL6lCueDm:zQzXWhKCuea

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2