Extracted

• • Target

    2974ae3c88a7395eb508e144a3efc57f2dd86be881396bf48b5db5463ada1d51.exe

  • Size

    806KB

  • MD5

    1f314088a97934c47675c1c250a44ba2

  • SHA1

    f0cd56ef9fc05b7833585496bc49b4cc2deb3d61

  • SHA256

    2974ae3c88a7395eb508e144a3efc57f2dd86be881396bf48b5db5463ada1d51

  • SHA512

    cfca337ff6c13d3c89df08f9c4a964f01d6cdc19f558847b5c545db0c8b8c11e57002633176705739cd34b5cf53aaeb18d8ca5eba82efd4d0297669ebcc5cec8

  • SSDEEP

    24576:9ukmGjZtvexJcXxj7y8KL9v1P3q0qx/QSrxN5IC54TWMJA:8ujZR9j7uP3TqxVtgif

  Score

  10^/10

  agentteslacollectionexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2