General

  • Target

    FİYAT İSTEĞİ82032023.exe

  • Size

    500KB

  • Sample

    230329-jjnzgafc73

  • MD5

    01f1e05c0db18b1197abe20d9d7fe39d

  • SHA1

    36ff0a02c57f1150c6dffa5d620cdc357181604d

  • SHA256

    446e23b2ec4a53c537ae29ff5964958702510c8b46c72b68d9141f238a5fe691

  • SHA512

    a013168eb1173a619a8ff93292878faa60f8635ff51d23f0e4aaadb61e4dce46186255aef35932f1003b570d6868f0e5bf4b21fe9b4f257dff870cb449053913

  • SSDEEP

    12288:Oowkeve7u1hSFHAHnQTRrZYO1HLLY5dXmktgCOfMUd+d:OowdvcunegHQT7YO1HL0dXmTCv

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5409839916:AAEYUYZy0IhJQAm4VXi620si4okGW8FDL2w/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks