Extracted

• • Target

    8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d.exe

  • Size

    757KB

  • MD5

    82327d9cf26cb8125ed650a63cd16fe4

  • SHA1

    7b117e9a75b039d67262e39b095721f292b93eef

  • SHA256

    8747e56c9e9e2503dc7664fde2a9be12186fc7696ab06a4e86c932f65f4f2a1d

  • SHA512

    c627746521bec9fccebf7739cea6d63b85557abc149651e0c65df156d8a3b3db6e91026366fd3b672d23165f8ac6d8775867b7be9b4d6571ff29ef260dd6db4c

  • SSDEEP

    12288:kLsUBk7L7lPFPacXMza6afhu0N99WShm/ZebGA5QuNqztRr8K9nThtmm:msPZIcXMWfE0N9oSh+e3Wuc7QsThtR

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2