Extracted

• • Target

    9a7b2c003560246eaa7b662ac648d17475ab2e7e057d7bd063c25e2f8ab21dc9

  • Size

    2.4MB

  • MD5

    5c5c14c126f1bcd80102411e2d6c56de

  • SHA1

    6e70364bed5f832016f27f9ece3a507350365362

  • SHA256

    9a7b2c003560246eaa7b662ac648d17475ab2e7e057d7bd063c25e2f8ab21dc9

  • SHA512

    016fa29bd74c25049effddd4c653cd5afb479932ffcf71c668bda6c8b90c855fc4837985a74ddada01d1b8c7c5f2ef05044ccc72eef3a1dd35a28df2ffd7f962

  • SSDEEP

    24576:2aHUFbWM9o9vmPtacnyKrEV6Q1IHOLclQkYtSsYEA5PIUxhFSvsTZj8dwBh5rDzH:2eTLc+Yh5vlO2ZjqwwWqEctE6vrltZn

  Score

  10^/10

  discoveryagentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2