Extracted

• • Target

    statement and invoices.exe

  • Size

    828KB

  • MD5

    7ca522120ba2f516eeabd3d3979c14eb

  • SHA1

    3da00a3e7c38b1cab49e7a443a33de11dbd642fc

  • SHA256

    9da495f395181d2188e798281ad85b82acdf6d1185c28885fe193c6c48f78a93

  • SHA512

    2eb76c682e5f86f6148750003e4b51375d7ac58e3486157b0c55da98073fb6f852fa0ef209115f0c8223e2f081df4ecff56e181af540da49fd0819a832cb73b8

  • SSDEEP

    24576:bDPjKr5BND8Vqr4MYBt7xa42c//Bs9zEi:vk5BNggrzia7c3SF

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2