Extracted

• • Target

    Docs.exe

  • Size

    537KB

  • MD5

    b983d7ae5788fb40c2fda069ef162fc4

  • SHA1

    d8bad219e4c0520afd19de5e0ec1842c5f56f9e1

  • SHA256

    23b23bbc8497e567eba43518485bb19fe70d295e54e5af14f90d233b33d862f9

  • SHA512

    b8789ac9f36d786eae1e0b4182f906a08419b8380fe0de4cfc97e59ccaa0236d1a0d615751582606691368b1d854f649127f34d1aec6016de763ca656a0f90cf

  • SSDEEP

    12288:S7rhVe5d6U6sRg9db30NOQA+/7lP2alQDL50VOcORIGhCTAaLmAiN3DyuUjW4nRg:8LsRg9db30NOQA+/7lPI0VxUIGhCdfeG

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2