Extracted

• • Target

    tmp

  • Size

    1.7MB

  • MD5

    9315baa2d29e3202b3f14da5b927d329

  • SHA1

    8caa2fe421dec35ebc1bc3f5da31f0dedb6a4ddf

  • SHA256

    3c78f01d7f27410f7897b7367112b162816a19930d90ccba32f4043d40c4223f

  • SHA512

    14c7fafb725151ed28d44bc7f571d1bff7d3b5fafcfe205996da408dccf72538f066e740f59651fb1b9ad8f999d09f9374f020745b599aacefbe54406c0e6740

  • SSDEEP

    24576:2ZL20LiZ2VGym3Hxe/K/3xHOMHLP0JqwVniwhgDifkkFV0p79tDa:M20LikyPCII

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2