Extracted

• • Target

    94f34c7fa30595f792252d0b9cc5af5c3de392c36cccf236214512d11e425d36

  • Size

    1.4MB

  • MD5

    1c6acfc6630b36cc2ad1a06cda6e2a1d

  • SHA1

    dd0d47d52e34c61a4764a461979297e544165245

  • SHA256

    94f34c7fa30595f792252d0b9cc5af5c3de392c36cccf236214512d11e425d36

  • SHA512

    f5189f84756885d1a0639a3606e0f96d5db65795234b438e2e6f7c2535ce88ea3db3d0c223c35cca47a9332b833c31cd5f37192da6354c9bdb89673751e41ce7

  • SSDEEP

    24576:c4UT2DbWeHfyPaMiuv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:6T761M3jLoyEkmZ9Y14

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • AgentTesla payload

  • Drops file in Drivers directory

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2