Extracted

• • Target

    1835DIR231029551-CRE001.exe

  • Size

    37KB

  • MD5

    3b28693a81f4b8e8bc34a5f3c163a11d

  • SHA1

    48e78c0bd2083959c284224107e83d8d7dbd4edd

  • SHA256

    597e90cad10af3bd4de583ac05b15e5697e0a57b7853fb4fca7fc8a0f7acc24d

  • SHA512

    22d9c4e46e76fcd80aca7d3e2a407498ef1116f5eea00b48454f5f3d295fe24621d1243b5659a6557a75c93d315b6ff80bda1729f3bbadec7c83986c6c90835f

  • SSDEEP

    768:ievZNsOyQ1TxGK+RDYRXsYgHa6t+S2Uqt5RYVMgE4O4v:vNsOv1T4K+RDKXS6++SHqtfYC

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2