Extracted

• • Target

    Tiajin Haizhi PO 1509 ETA Sydney ASAP.com

  • Size

    117KB

  • MD5

    9ea6b17348de29490d2ddcd0fc0f9233

  • SHA1

    b5adf8fdd81c676b6e3a04d3aaba364af496dc26

  • SHA256

    d346f457f38f941258addcc492783f9ec111c7230bb74ed4a0bb8992bf0c61fd

  • SHA512

    af8100b14220834c14248b1f82f8be6d6506fb2ed74b9cf00e769c7f7663b64ad38d40bf17c7ad479022aae426005b1c641cfbf1d2fc2a7dba6bfd07b044ac5f

  • SSDEEP

    3072:SPCJ6uhiPIhZxE8uIMNHPPK6Gs1U+W0ZBUQnIrL:RTKHPPIYtZBd

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2