Extracted

• • Target

    WrMDKRDkp0iT8aG.exe

  • Size

    1.0MB

  • MD5

    d94595623599d8e5f11957ff605ae540

  • SHA1

    554f03166f4cc986b0dc1d06153fb0036051d7b1

  • SHA256

    bdf30178d213789a9a31a454653a627d3cef374e860fecbd5ff1e49ad30c6d8f

  • SHA512

    b3dacbda163e108ac42aa461e6212ea456514f51fc9588e7651f124f97fdffa2ebe3236a941f45295d331c6edc789e0f2bdcfd49f60c6dade8e7db937fe7a0cf

  • SSDEEP

    24576:djbqNAY6sPYjsOX6NTnrtOXA+/0CutcqzSSSK1/da/:diSKf0SSK1/w

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2