Extracted

• • Target

    489e95811f4464a98cb9c2ed1bccea96

  • Size

    1.1MB

  • MD5

    489e95811f4464a98cb9c2ed1bccea96

  • SHA1

    f68b4a40405b598f92f1319af286735851340d3e

  • SHA256

    07f71531fb540881da4f829038da3222e3fea6c27b2aeecefb9208bca648daf8

  • SHA512

    0774ddeabd257c69822f4fbdeb836c0e02439a974d2a63a532d841893d02cbaf670f45a47a97b79ddf568756c6ad95e9c0be52e975712560638384af087a7201

  • SSDEEP

    24576:8AOcZ6JVYy0kWE8Q2Qe0E3fhNQXNmrK4VEZe:qhjT8Q2FOIrK+Es

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2