Extracted

• • Target

    163ee4a22ca4f4f8ec0cc6f55209ce9a.exe

  • Size

    1.3MB

  • MD5

    163ee4a22ca4f4f8ec0cc6f55209ce9a

  • SHA1

    7d892e1cd8e6019944d559313ad6f1488cfb03c8

  • SHA256

    8449533d515571c2836e39c2d5f6a9a94478011b7d8b5e1add15b18d4664d8c4

  • SHA512

    0808fabd93acfea2ecb632fb255ba58368a057ee7253948c03ad3356f043dec5d725a45c4cd7995bbec0594c545b61ebccb1b02dbb0b6100dfb089a69f23ccdf

  • SSDEEP

    24576:4YxKCmSjOsBgo0q4wM4iXCfHsmbaR0Y7xDyKt:4KyoHM4iXKsmbaR3NGK

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • CustAttr .NET packer

    Detects CustAttr .NET packer in memory.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2