Extracted

• • Target

    PO-Tooling CT240230231 - CTA240714.com

  • Size

    46KB

  • MD5

    1f33b2b038c4d62ef89483a746f86012

  • SHA1

    c54c6647703964e2dc01f11f44cdcb29a112be90

  • SHA256

    a4eb8041e9e7013243bed5391a31c3bdd813bcc64f928a8778b80e7ca31778f9

  • SHA512

    8dbd263e8d4e518f427f706d85867c21e5e146317fcb1a73e7191d03c8bff75654ece51dc2242aa43dc18bfb7387ed0330f12df7f45749e78dece3d510a9fa08

  • SSDEEP

    768:mKT/nyl4QXU2+kCYU1qLn2uDf6s6i5MXAjWHRc9EB+Yhd9eYBcriEsO:DT/yl472ls15u6fxc9E9haYiCO

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Suspicious use of SetThreadContext

  behavioral1behavioral2