Extracted

• • Target

    341ff4121328104ec5db8662d94cfdfdcffd7c36bc022a8fabea180d3c19adbc

  • Size

    970KB

  • MD5

    32bbd2bd2b4d2e185783f25d64c6cdbf

  • SHA1

    32413fb565d883ce6c73ceb0bf2244dbab4303c1

  • SHA256

    341ff4121328104ec5db8662d94cfdfdcffd7c36bc022a8fabea180d3c19adbc

  • SHA512

    283168bb49700cac4132e477b4bc82f7cf2109c9e942b16efeb545e5f0e97e510bf8f54cce5d5e05b0249a82928dcc09e51c8af98afa40dbd3393cadccdb4f11

  • SSDEEP

    24576:TyeAKI2PDAEQeO6Ru9+DzOofcZ6IYrwg5+Rkz:TyepXPUH3oDzzful6e

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2