General

  • Target

    tmp

  • Size

    796KB

  • Sample

    230330-tf3cssdc93

  • MD5

    b7fe0283cdd93788a35df6f5b541dee5

  • SHA1

    20e62c66cb2c19de2d5dd69a666e7220d123b038

  • SHA256

    7bb024a9f018978f826a9e3f9367f834427df51b1cda41ed11fd61701ec5d4dc

  • SHA512

    5c6cf0c179733c08d5e1f3817ce2ca9b6961a0811c9ace869a19b77b3fcef8b31d5088ac722611b0a344f642cb24421a871c5ced162e249f3b63f30f67f8f7db

  • SSDEEP

    12288:Wxc3xALb1QWBV+wsySEPqdyrlHgtFqZOsgdMbG4KojBgDQUPwNu5epYUUj:W4eV+wsBChHIzWbFjV/Nq

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      tmp

    • AgentTesla

      Agent Tesla is a .NET-based remote access trojan (RAT) and credential stealer, written in Visual Basic .NET.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to discover the infected system's external IP address.

    • Suspicious use of SetThreadContext

      Rewrites another thread's context, a behaviour typical of process hollowing and other code-injection techniques.
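
The two network-facing signatures above (a registry lookup of the configured country code followed by a request to an external-IP service) are much stronger together than either is alone, since plenty of legitimate software does one or the other. The following is an added example of that correlation, not code from the report or the sandbox: it runs over a small set of constructed, sandbox-style API/network events and flags only processes that read the country code and later contact an IP-lookup host. The event format, the list of IP-lookup hosts and the registry value names are assumptions made for the example; the report does not name the service the sample used.

```python
"""Correlate a registry country-code lookup with a later external-IP lookup, per process.

Example code added alongside a triage report; the event schema, host list and
registry paths below are assumptions, not values taken from the report.
"""

# Assumed: hosts commonly used to discover a machine's external IP address.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "icanhazip.com",
    "ipinfo.io",
    "ip-api.com",
}

# Assumed: registry paths (lower-cased, key + value) that hold the configured country/locale.
GEO_REGISTRY_SUFFIXES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\localename",
    r"\control panel\international\locale",
)


def is_geo_lookup(event):
    """True for a registry query of the configured country or locale code."""
    if event.get("type") != "registry_query":
        return False
    path = (event.get("key", "") + "\\" + event.get("value", "")).lower()
    return any(path.endswith(suffix) for suffix in GEO_REGISTRY_SUFFIXES)


def is_ip_lookup(event):
    """True for a DNS query or HTTP request to a known external-IP lookup host."""
    if event.get("type") not in ("dns_query", "http_request"):
        return False
    host = event.get("host", "").lower().rstrip(".")
    return host in IP_LOOKUP_HOSTS


def find_geofence_then_iplookup(events):
    """Return (pid, image) for every process that read the country code and,
    afterwards, contacted an IP-lookup host. Events are ordered by timestamp so
    an IP lookup that precedes the registry read does not count."""
    first_geo = {}   # pid -> timestamp of first country-code read
    flagged = {}     # pid -> timestamp of first IP lookup after that read
    image_of = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        pid = ev["pid"]
        image_of.setdefault(pid, ev.get("image", "?"))
        if is_geo_lookup(ev):
            first_geo.setdefault(pid, ev["ts"])
        elif is_ip_lookup(ev) and pid in first_geo:
            flagged.setdefault(pid, ev["ts"])
    return [(pid, image_of[pid]) for pid in sorted(flagged)]


# Constructed sample events in a sandbox-like shape; not taken from the report.
SAMPLE_EVENTS = [
    # Benign: Explorer reads the locale on its own and never does an IP lookup.
    {"ts": 1, "pid": 1204, "image": "explorer.exe", "type": "registry_query",
     "key": r"HKCU\Control Panel\International", "value": "LocaleName"},
    # Benign: a browser visits ipinfo.io without any registry country check.
    {"ts": 2, "pid": 3100, "image": "firefox.exe", "type": "dns_query", "host": "ipinfo.io"},
    # Suspicious: the sample reads the configured country code ...
    {"ts": 3, "pid": 4412, "image": "tmp.exe", "type": "registry_query",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    # ... and then resolves and calls an external-IP service.
    {"ts": 4, "pid": 4412, "image": "tmp.exe", "type": "dns_query", "host": "api.ipify.org"},
    {"ts": 5, "pid": 4412, "image": "tmp.exe", "type": "http_request",
     "host": "api.ipify.org", "url": "http://api.ipify.org/"},
    # Reverse order (IP lookup first, registry read later) is not the pattern.
    {"ts": 6, "pid": 5000, "image": "other.exe", "type": "dns_query", "host": "icanhazip.com"},
    {"ts": 7, "pid": 5000, "image": "other.exe", "type": "registry_query",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
]


if __name__ == "__main__":
    for pid, image in find_geofence_then_iplookup(SAMPLE_EVENTS):
        print(f"country-code read followed by external-IP lookup: pid={pid} image={image}")
```

Only pid 4412 (tmp.exe) is reported: the registry read alone, the IP lookup alone, and the two in the wrong order are all left out. In a real pipeline the host list would come from threat intelligence rather than a hard-coded set, and the registry paths should be checked against what the sandbox actually records for the API in use.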

MITRE ATT&CK Enterprise v6