Extracted

• • Target

    payment overdue (2).exe

  • Size

    837KB

  • MD5

    13e7ae190b0ab1250c199ac339217231

  • SHA1

    625b25670a86a8b9a7808d226919dec2a224339f

  • SHA256

    951f66b51f796de5f9298aa1f97c49e392083f6b570fb31df72610999fb50769

  • SHA512

    4eda095b17e782f4cc8ed58379d1787928e4fb32899069c48fbddc972e203c61cb93d9ffd1d7fb5220c7da3614814a75f7f42068480d707f60f1a8f11a2e438e

  • SSDEEP

    12288:yvmSJD+IFgicSDKNfGAIko3cajHh84/dUNMgBe9+hXpKm0qE+Fq:YmSJD1ZctNbIko3c684KiKhXQ2

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2