Extracted

Extracted

• • Target

    4cd5de1b258cc0759ac0e866cc65ce615cdd8de99fc35d12d69983aa2c54519f.exe

  • Size

    659KB

  • MD5

    50aad66f83288e9b066b823dc01ccc73

  • SHA1

    583b4bcdefa93b9b0bafc1d59b353f193bef4e41

  • SHA256

    4cd5de1b258cc0759ac0e866cc65ce615cdd8de99fc35d12d69983aa2c54519f

  • SHA512

    c9e0be231d0f5a0a943a185849d95dfd0138f8d8ecde2ed136d9a85967d1550e0fb0f5a861139b934a13e6c7ee267abe2c39aafcbef656912874078a15e91215

  • SSDEEP

    12288:3lYifTMNfFFA2LkA3vfiFSqlYg2E//e6E1DsvXkW8I11f7R45F:WioFFbkZllJ1//E1DCkW8Iz

  Score

  10^/10

  agentteslaexecutionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2