General

  • Target

    027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6

  • Size

    634KB

  • Sample

    231205-dfx53shc58

  • MD5

    493093124350e8c3012a1a36f4eaa7a3

  • SHA1

    6fd685db77750fed9f9067139cd5cac5ae5ec967

  • SHA256

    027a9ebfadb9ba3940e5498640bc199fb9f3bd8a34dd85af15b24deee95344c6

  • SHA512

    30477a1e0c25e3a95c6bd4f5bc601c99220a00532bcc1514aa0dabb5f11ca5d02f5e94092812da52429676d07259dfd93e18a4e7cacab4114dadf39f8d4e881d

  • SSDEEP

    12288:pM45+po27erR+TVWUOOw3TDUnnS3zuY+2iS4rOApPmcGUmKqA0n3FUiP8kMXj:pP+pJE+pW5OwinS3zu52or/mz3JUP

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6842284005:AAEBxh6cL0NGDg-gb0BoH5Z7v4-Fv4B_wmo/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Suspicious use of SetThreadContext
