Extracted

• • Target

    b09a0b160629c46cd40123518cf4beed875c630f8836e2fea5d894c43fd58093.exe

  • Size

    861KB

  • MD5

    840cbf490ce0600e1057f72949a37c73

  • SHA1

    151c7c81a8f1e9dd889eef12e8c4ca6749495dac

  • SHA256

    b09a0b160629c46cd40123518cf4beed875c630f8836e2fea5d894c43fd58093

  • SHA512

    922e31024ad6994330a528289d3ec3a9584e78b21bc32d8ee5419bc3793911fc4c092b96df0c3c55fe562f6fc761e1d60c8ac229e6c23bf8ab64e2d180c3b3f9

  • SSDEEP

    12288:0YIPXjD9Mo4ALYp92DzclnPtgmDHTtI24666LZwzcu+UEkwE6eeE2:0YIPiEYpQUlPvI251uAuhF5eB

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect packed .NET executables. Mostly AgentTeslaV4.

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects executables referencing Windows vault credential objects. Observed in infostealers

  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

  • Detects executables referencing many email and collaboration clients. Observed in information stealers

  • Detects executables referencing many file transfer clients. Observed in information stealers

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2