Extracted

• • Target

    JaffaCakes118_c0059f77c623451c9b85287c735df32f

  • Size

    928KB

  • MD5

    c0059f77c623451c9b85287c735df32f

  • SHA1

    e1dcab797de118082168f787835e67324cca9b7a

  • SHA256

    feb91cde2c89cdf45cd078485f4f98683c11ec7d5a044a73968d31c2dcaa7e81

  • SHA512

    86728230a7835b7ca1a0df7e5f78d3ac25071c88146d39513bc5f9f4bfd1684476ece1df33169a3ac7f4313b427a8bd4890cbd2316aacb86522f26049e979167

  • SSDEEP

    24576:zTdbw8eGBh3/kR/quqh6/6VSmqiT6Uqmz7H:zD3CRSuqh6//mXT6Uj7H

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2