Extracted

• • Target

    payment swift.exe

  • Size

    1006KB

  • MD5

    feec3a5dfa497f7471804ee0550372cc

  • SHA1

    be16a6c79b2a5a35ea59fdb03d162bb3ae6fdfe0

  • SHA256

    ebfe3afe48dc47239d68700f74f01db8aef2b4c20f833178de5d55988d05a06a

  • SHA512

    ee67c4db25484aa728ea71ddca76b3fd0f1687990870d923a70b7919ac265200ea0be57f36c709c1fd004748536053ba6e4114f291be7960de5ad27140a2366b

  • SSDEEP

    12288:YKl1K8tUyZmMRxEy0gtHvOheuYorbLHqAIcv0y4PltHb1fLxddL/+u2KH7vrqFV1:1mhe0rbLHqvcFMbR57vrqFVae

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2