Extracted

• • Target

    DESIGN LOGO.exe

  • Size

    1.7MB

  • MD5

    97042a029def0b48a06a31d39d32654f

  • SHA1

    6ddba4f407409166bb39e03ba4d9ff528d38d636

  • SHA256

    bf9d54dce88b260dbf1ce555bd7abdd98b030bb3ee2170d51272c1b0ec8605a0

  • SHA512

    72f5a89e5c6e7d880c3d3bb39efea644cf402d80c6f9b9b771c2158e4e6095ec5aab9306aab8510a8b7bf1c7609f644fc8f24220e9260e247bbcdb3f07607e50

  • SSDEEP

    49152:WA6OSh5GOieweChL9K+Dg0CoGIlcYtpGdb:WAzFh100CwG

  Score

  10^/10

  agenttesladiscoveryevasionkeyloggerspywarestealerthemidatrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2