General

  • Target

    60fbd05647ac67624dcde3225622f65803b0175cb674a64a5893fc9f28988b4f

  • Size

    1.4MB

  • Sample

    250114-cbe82atkcw

  • MD5

    69c1aefce718add20c82e0d7bb048259

  • SHA1

    6501ebbac6c911cb43f40850f5e64ab0b087c4fe

  • SHA256

    60fbd05647ac67624dcde3225622f65803b0175cb674a64a5893fc9f28988b4f

  • SHA512

    a643be9430e8fe036d3983b2117a4e6a158bc1acea689dccf2bac1c5d488e2f427f47caeecee57848a7f5d286fbe918666be36b575b6e060eed83592a71e038a

  • SSDEEP

    24576:4GZrokKf01NxzN6lIyGxv1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:4aoJAyOjLoyEkmZ9Y14

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • AgentTesla payload

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks