Extracted

• • Target

    SOA Jan-Apr24.exe

  • Size

    680KB

  • MD5

    66228b6f5b149c3d52a20e0fa1b4ca17

  • SHA1

    779371603043c8b5bfcd1c1b5d921cf974fc352c

  • SHA256

    ac07c423bb0785b861795d5afdaa1ad0e433a6db747986ee3cfcebab6976f2bb

  • SHA512

    e42cae6af4715e3a9d50f921704012ee2e7cd9a68ae7f43bc35cb3ec86c1e7771f69bd31c0cd2f32cf789647eb67ca3198674c60c6cb3410f60b1e79aef0224a

  • SSDEEP

    12288:+RV5XBiMyStKGzeRs3MJehivPXB4Is0PkRaqd6xl8tGnKse/MdCHJkR:YHBThKGzhMJHnuIsDytKht0

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2