Extracted

• • Target

    1a53c645d8a4df7f6cd796b426512ff27cbb40988b73248e6feb8a8a498b9532.exe

  • Size

    1.0MB

  • MD5

    87bcb7dc95d3d9ddf01fb453b3e96824

  • SHA1

    31a6f0e2ac4e4e44795991b9ae5de3ac21f3c66a

  • SHA256

    1a53c645d8a4df7f6cd796b426512ff27cbb40988b73248e6feb8a8a498b9532

  • SHA512

    59d57789312d6e1d4db962956b0b69ce576bcb07bacf275a3694f9fe624aedab373a57236e3791d07f95661582b28ca5b797f861e973b60e9d0354ea127fe11f

  • SSDEEP

    12288:nt2iN1/Sr+peUv5KDl+mX/bMh2O5jCaCMJaBc4rCeijhJ0KSl+jO3H8c+9eFf+mu:nt1e+lgRTMhh3CMJaNmei9UsjO3H80

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2