Extracted

Extracted

• • Target

    82cbe9fc57abd337a5bf0d0d478ae7fb9158987c1d7c5006b20e309c06329ae8

  • Size

    742KB

  • MD5

    c332cd50ce66d6b2cd13b5279c2a2081

  • SHA1

    c1bc0c828c3c8bb168b8f25219f2b4112d67ea6f

  • SHA256

    82cbe9fc57abd337a5bf0d0d478ae7fb9158987c1d7c5006b20e309c06329ae8

  • SHA512

    39ff7c136f3d8ab2ca540b9be00c0e0ae350ddf5e4b9e4039bb4459f624092bd12f4260ca9960f2b59f63d04dcc044d5586b54a2c7ac9371f222e0ac2175494b

  • SSDEEP

    12288:AUAdXtfETk6Nbnb1raLLgWQxpcagobqzwQ+LcnnbgwmGiCjoYGxE+GqvCEti+Ch:Add92VNbnhraLEHcavbqUQqwnbgMVjoY

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2