Extracted

• • Target

    e-dekont-20230206.exe

  • Size

    679KB

  • MD5

    33a5f92deee382035467caff29a8d487

  • SHA1

    7e6daec4a2a4dde0f5148df4165fa8cebb7011e4

  • SHA256

    e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666

  • SHA512

    c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af

  • SSDEEP

    12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2