Extracted

• • Target

    f3ff932bd931ee266567cd0422a067fd38281164c534026b57d740658aa056c3

  • Size

    217KB

  • MD5

    ca2cb33b0542cdba0673c3f0a81a2f7f

  • SHA1

    066c0fc9236c6eb5ad69a3f8f095a793a9d5789a

  • SHA256

    f3ff932bd931ee266567cd0422a067fd38281164c534026b57d740658aa056c3

  • SHA512

    377d2222e3083e07ebf8b19eacf2ce3cb9222ee93c240a6a150c5e2a76a09770a7887e0a65a8cc02902e12da0adcb985d787bcc00b6fb5bb2ca8ed7647d2606d

  • SSDEEP

    6144:/Akza3r9r/EDpppppppppppppppppppppppppppppL9:Be3r9r/+pppppppppppppppppppppppd

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2