General

  • Target

    SecuriteInfo.com.Variant.Lazy.254108.23652.27278

  • Size

    294KB

  • Sample

    221020-skvyvaagdp

  • MD5

    c3790fa0a84ee89f33cf7f64d21bf00f

  • SHA1

    9b5a2c1b7ec6e0d85ead32e0213b35a71c765ac0

  • SHA256

    e0eea0acc8a4a815ae242bfdf45b27129cbb9bdfeb1c897f58b6f5c0c771a5eb

  • SHA512

    fbfe49f38019224e8c6327004592b52b806df6c80e3f5c66296f78a3c38b48cbba85170b832a58ad0b373599a80117226e2301bc182f8087497452e4b8de4366

  • SSDEEP

    6144:chEvm4FPzdMrshrR92O2bSrIVuHayn8y5REr:c5iMe+bSrINy5R

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    http://107.189.4.253/boots/inc/a155b6dca5b411.php

Targets

    • Target

      SecuriteInfo.com.Variant.Lazy.254108.23652.27278

    • Size

      294KB

    • MD5

      c3790fa0a84ee89f33cf7f64d21bf00f

    • SHA1

      9b5a2c1b7ec6e0d85ead32e0213b35a71c765ac0

    • SHA256

      e0eea0acc8a4a815ae242bfdf45b27129cbb9bdfeb1c897f58b6f5c0c771a5eb

    • SHA512

      fbfe49f38019224e8c6327004592b52b806df6c80e3f5c66296f78a3c38b48cbba85170b832a58ad0b373599a80117226e2301bc182f8087497452e4b8de4366

    • SSDEEP

      6144:chEvm4FPzdMrshrR92O2bSrIVuHayn8y5REr:c5iMe+bSrINy5R

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Executes dropped EXE

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks