Extracted

• • Target

    7e597b7a940ce9fe398f5a09ea06e9c2.bin

  • Size

    885KB

  • MD5

    7e597b7a940ce9fe398f5a09ea06e9c2

  • SHA1

    46fab946b897f1b804aec6183d9c60bad103e9a4

  • SHA256

    4722e9113d3f8eaa1956f990da588f8eed324bb8d5551d52bff3bf4536a6010d

  • SHA512

    354d258b9605425b5037822fbc24f17c07b83095d0f2ef9ff86d4ca6f9b0ee8bcacce7741eee1c04e3b12fd22e99ad1ccda5ffe6050c19320ba68564e8cf3c82

  • SSDEEP

    12288:r91idWEW7UN5vDnSX1zCyG/JW+50zKlDWjDS6VtgMyie2:r+YiUzCVR0FDSMtZyie2

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2