Extracted

• • Target

    fec24a8696d4ae5ab871bbb2cacaeaaf_JaffaCakes118

  • Size

    427KB

  • MD5

    fec24a8696d4ae5ab871bbb2cacaeaaf

  • SHA1

    eaf997fc74dccf3cafdc32c770669fbb2251af4d

  • SHA256

    e1cb0ef94431eeabc054fda95fda916ccc564f5d05c808fdf54e573e40f043f8

  • SHA512

    99e7c810b3e5f380cf878333faa1bc4ce98afaecb1caa0e77ae63838b048138ec427ec8a0416f330e990dceaf8bf3bb56f4a2ed8a6959e5b854f3077f10eed2b

  • SSDEEP

    12288:TESo+OWcUauO9apDVdetJgpniNMNw8oFCiWiNU+:TESaWcOrpJdKJOnkLFWix

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2