Extracted

• • Target

    SecuriteInfo.com.Win32.MalwareX-gen.16735.31637.exe

  • Size

    118KB

  • MD5

    04d5d3f48850de6da5144f46eb4974f1

  • SHA1

    36a8b2c71a6845df99f2413d4d4fa3bcb51cb2a0

  • SHA256

    a97bd6181f3a2b21a3d52c888d84eae5c1c6c2686375b2c15848a77af765de26

  • SHA512

    04c69b33f30cc92ff28281c1f04c0140e8e09066ee67e906308b1ead0d7ec5bb9811e4b117b6324320ce3f783a3e85f74f67df6df3cc767093a5d7efaca132ba

  • SSDEEP

    3072:hPYfqYc5hZ7u1uIMtxUcecgUnv7mcd+rG:LTzCcllnv7B

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2