Extracted

• • Target

    Tangforlsendes.exe

  • Size

    1.5MB

  • MD5

    2a3b0c09fb6332a4c35439c0741a3c61

  • SHA1

    1de70829cc27202b8b64235fb19829d32ac72ee1

  • SHA256

    67e5c1745d2c3382e6f20e2d7cd876acb687f7859aae4cd2b6b9fae6ca5a441e

  • SHA512

    901b724023e0ed87ddd483dae7c2c6c2269bb7115f1bfbf87a0b45efd77e20b7bcab183f60b1784ef92d86a6f04e76e719fe2a4d25794304ccc6aebd4bcd7f25

  • SSDEEP

    24576:vmwBXOxw33BYQ+0EnWF9gfJmc6Ns2VDdAVjaP+4a8ztxQX8F9toOSZD98+/1c:DXtY0iJ56nVQjaLa8ztisXuRg

  Score

  10^/10

  discoveryexecutionagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Blocklisted process makes network request

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2