Extracted

• • Target

    InvoiveNingbo.exe

  • Size

    1.1MB

  • MD5

    a3fab3e88799e72baefbc47e35beea4c

  • SHA1

    fd2dd3ead13b5dba83bcc923102e29fda19ef273

  • SHA256

    d11d805c3dab49566aad8dfe6d9bbd1c206918980870792ed9d496e8836aefe6

  • SHA512

    bd4f26df04ee36788ca0f4db22604f72d9a99ea4b59f25b3d9afab56b9538cdf647e4bfb7595882ef35a8f82f487d7dbfe2b86b4b7fb1f6b67185e8603965122

  • SSDEEP

    24576:kWgtD/61INy65I1JByDr/YsR2s8vqiQrUTOqofIlhChgdgm:Q6KNbqBirXwvqzrUT7ofIlohsgm

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2