General

  • Target

    79e39d56ba0b50e790bcc45806ed6f5c

  • Size

    1.3MB

  • Sample

    231226-s6tb5sfha3

  • MD5

    79e39d56ba0b50e790bcc45806ed6f5c

  • SHA1

    d949803527abfc42b1b83bf4c46d437dc9d0c75b

  • SHA256

    37c527aee5d570f8e66cb11489eb144e0d750337387f0caabe790bb08ba636e7

  • SHA512

    9bc41c479b23ace9c6d549ca5e6474ae18a629c689bc90be9bdbcdb33880496117553d5ab8ad63cac16a8b99ab326cdea910a9391786d78649237f662da43b50

  • SSDEEP

    24576:kEzPW5oaXpcB7mVSaccPuvcd5OGQT/1/0nS+7n4SYwqK4zf3RTsAHWAgqChJ+huh:tqiecp5JJxGNQuiNB/e

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks