Extracted

• • Target

    Mould clamp bolts quotation.exe

  • Size

    652KB

  • MD5

    2c9ada063e59aa030e6bcffe5905660a

  • SHA1

    1b64074fb0fce4d6c490ca149c2231ebb16d44ad

  • SHA256

    67522f9195f70de8b7a1cd137f3dcd7d751187071bb3fca9ebf58ad60f099533

  • SHA512

    a65cb2234f7769265fdadcf00ef2d3114671531ea9f46a5524be4bc12baace46ded4cce0be36fa4fbf9e3ffc8670d0557940e9634eaa015788819f64926ab00f

  • SSDEEP

    12288:o99glh3nbCaw89gkyKhkdmpIwCu8bxrll2KwNkdc5yUSnxl0b0F5ehzr5Q:oUw89jRkcpIwrQp06c6nxl0b/PQ

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2