Extracted

• • Target

    02a799408d7c1c384bc9813ad0168b20e775a0ca51b5d07017e79df133a732aa.exe

  • Size

    543KB

  • MD5

    7d1134542ceda0a2489adc3b1439a7fd

  • SHA1

    3eb43d66ce925b3c039d5ab0cf1fd958b62535c6

  • SHA256

    02a799408d7c1c384bc9813ad0168b20e775a0ca51b5d07017e79df133a732aa

  • SHA512

    c1ecd1b9249a79c24fee179462126fa298d7efa06f20e24ab2fb6c5318ce8ec810bb40731a2b87805b632806571bb3a776748343977924017f27748afa8b49c7

  • SSDEEP

    6144:qGxhL4ITcv6IW1BtxIib5SCRif/IDh5loS4DA6zrLUSwbutczDNiVghtSYsOio:jng67BvIKa/IDhASE1CsVLrK

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2