Extracted

• • Target

    01b2af31da46484abe30d7395049066bb04bfac6ed42379f1f2c083a5e0faa3b

  • Size

    8.8MB

  • MD5

    bb44d815f6be23eca0d250c7c1022170

  • SHA1

    66865fb7231feb1ec8fc8d22d94cdae48a08ac1b

  • SHA256

    01b2af31da46484abe30d7395049066bb04bfac6ed42379f1f2c083a5e0faa3b

  • SHA512

    c4fd043447e1005414c34191afe5dace81f25f3936f231985d2ae78f37e2034c11e91bab0b04b73ebd233c7c03a6a794be9c12cab028c94dd6003b783f6a963a

  • SSDEEP

    98304:BzqpW2bJs8qDYteYW5oDhVrfQ/z0rKX1UD8c:BGpfJsRDZwDffQQmuQc

  Score

  10^/10

  agentteslaevasionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2