New folder (2).7z

Executive Summary
The file is a malicious archive frequently used to deliver Agent Tesla, a sophisticated .NET-based Remote Access Trojan (RAT) and information stealer.

Execution Chain:
- Gathers hardware specifications, IP addresses, and operating system details.
- It establishes persistence by modifying registry keys or creating scheduled tasks to ensure it runs upon system reboot.
- Typically sends stolen data to the attacker via SMTP (email), FTP, or HTTP POST requests.

Detailed technical reports, such as the one from the ANY.RUN Sandbox, highlight the following flags: Malicious Activity. Tags: agenttesla, keylogger, stealer.

Recommended Actions
- the file. If already opened, disconnect the machine from the network immediately.
- using an updated Endpoint Detection and Response (EDR) or Antivirus tool.
- Look for unusual entries in Startup folders or Task Scheduler that point to temp directories.