Extracted

• • Target

    IV22200102 30-03-2023.exe

  • Size

    677KB

  • MD5

    9a73ed7acebb4aa4df0f6cb3f2c66881

  • SHA1

    2273f16a60a07707d55c6697b63f52162d5fca8c

  • SHA256

    285c3ffd2b6cdd180ee0a3371f12f6a0ffb4a77ffc7a811f242749f68722242c

  • SHA512

    39407b0132fe24cd93fb9fa992c4e66090d0adb2132848648bf77237cc78c23d678f1bce9e948c6818554f7a214fc8f5e97f40533fb4b91477b80adb21287af7

  • SSDEEP

    12288:kKPFSPlpTCyywVhs9PNSWPAoer7/iEUL07zMtk7R:kiFSnT0wVuDTrOxUL07zB1

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2