Extracted

• • Target

    ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093

  • Size

    37KB

  • MD5

    78f270cbab89f32c355f1b9354e74a17

  • SHA1

    ff6eb90ea94ce75c0cfdf1c5c967c41e1f467093

  • SHA256

    3a0a9c9d17e7d5ab347cf05ec50ea6a758b966859e218ed36a95eefc9a5eff2d

  • SHA512

    29d5394d7cb67a6892c217c724454a66efefcdcc0b22e91ac120956ef196066635ebc76d04c141e85eb068f4ec5e9cecc15510e7e2e1ccd5575f3915a7aef69e

  • SSDEEP

    768:tevPNqfe1TxGW+t12vXOguVQt+hEqt5RYVMb824v:ONqm1T4W+t1eXVsw+CqtfYE

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2