General

  • Target

    9661f2075ff6572dcd35ed7fcb74c4ba11771ddba99f230815962a43b90e907d_JC.exe

  • Size

    784KB

  • Sample

    231012-tpwavaag2v

  • MD5

    8d648228155569c24528c387c666f91d

  • SHA1

    6e2d9d9511e21589f619fa5500d7366fb032210a

  • SHA256

    9661f2075ff6572dcd35ed7fcb74c4ba11771ddba99f230815962a43b90e907d

  • SHA512

    d499cb6727a67bad8edffb8b66f03c5cb95a84c1cc387e9d25ab58bc52fd6ee6ed81b367750e034be036a17eea9d673eb4b7ec728205ecbd64db9c886956e710

  • SSDEEP

    24576:ulX1LJ1na1B5m+ncj4MrJeYh1y+ZPy+D+jBz:u9/1na1fncjjY6PPy+a

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6474316472:AAF3fvngEveMnpvXwvLH0WTtAPm-PmfEMW4/

Targets

    • Target

      9661f2075ff6572dcd35ed7fcb74c4ba11771ddba99f230815962a43b90e907d_JC.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar secrets.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks