Extracted

Extracted

• • Target

    343cddffcd683a5f25d221f6f5a87e110c8c6ef10c3cd68e789faf241ffa359d.exe

  • Size

    760KB

  • MD5

    098361cd2bc6f72ec390e65dd28b5537

  • SHA1

    5ab9376b9782991e451de685582e85c50ee45eac

  • SHA256

    343cddffcd683a5f25d221f6f5a87e110c8c6ef10c3cd68e789faf241ffa359d

  • SHA512

    ca7ead2fbf4e112549ba689a586f2f64b18509da2be2cfdc3bb718a6516add0196267690599031160f4b684850f83446ed845ee0044f9f4fdc4bd3c187cda19a

  • SSDEEP

    12288:7IkWET/mr9K+22BEEzFatnrdiMfVxwcpIVIYfOlbltdRjdzsBhah4NBz3KzWEdae:NWtb3BEFdbf/wcBYiJJdzP2TzPK9P

  Score

  10^/10

  agentteslaexecutionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2