Extracted

• • Target

    Bank Information.pdf____________________________________________.exe

  • Size

    532KB

  • MD5

    a4630655240e626711a0f8da0632faa2

  • SHA1

    d78c7254d8a950e7949c3c6688a2e0d3ca5f7ae7

  • SHA256

    c7834a1e61260b87156453c5281e2dc6f922d6ffdced1cec6ad2c5507680fa17

  • SHA512

    6faea860a67580ac36aa068a136281f03e4c3da23d75549d33870ec3ceeaf2ffc279d317ce0277ebe202c21be93b87d3239bd7b2a2f244c682c3f378f188d582

  • SSDEEP

    12288:no725beEJZumKYWe0nnPa++iUqFPyGKcHukimfS30:njEEabesnPBvUUyVmi

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2