Extracted

• • Target

    BANK INSTRUCTIONS.exe

  • Size

    1.1MB

  • MD5

    f32c96153356e576deafaf691db18a22

  • SHA1

    2c23559d3f8eb1dadf925c4dac67b8e77d0bd9fd

  • SHA256

    480f492220e396a90c861da2d9b9a19940824b9855ff1d4b77ffc93c60e33661

  • SHA512

    7a02d6e097f2a827c55f12ab5a2b5a708df33a773b4f28201bebe430be3a7f47feacbeea76439805bb0c117c77ac27702b6344315a36780ec887e67dd23a49f2

  • SSDEEP

    24576:/2ZR407ikjH1lnG1nJzV21W7SKxu6m4V8HF+KMEl4Ixj:/iha5SW79u6mr+KM7

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2