Extracted

Extracted

• • Target

    Garanti Bbva Havale tavsiyesi 30032023 TL8985500800058.exe

  • Size

    850KB

  • MD5

    934bd53497aec99627a9b6c48cc966bb

  • SHA1

    25a4d76f441e1d9e3eed218f5a1830d164b95d3f

  • SHA256

    17d02a46d36d276311b26963af8c73b27838fe026b32dcef9021a96c85a5a9c9

  • SHA512

    1b1004d528e0fdd8210676c9d874cd47cd8a30603b7ea52dcb0284af883b44eb71f987670f05d9fd4b240a0869d0fbd22f929f88e1c5f01478cf5de4a913d544

  • SSDEEP

    24576:B7iVsTwW+pMpeNcFbHN5cBVMyXjimXvL:B7iVs7kD4bHNiXj

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2