Extracted

• • Target

    Yeni siparis listesi13042023.exe

  • Size

    804KB

  • MD5

    3e6b260fdedc8b1e355dbe207e877339

  • SHA1

    cfa9fa23b7af8283cd4c6fc38cb886b9d0d391ed

  • SHA256

    1c86b0e202a10381d1c05101386cf2903d501b444d73184e9a38f02f1248fcb1

  • SHA512

    3ced366b356c8da4cb3abfb9f6f0d1946484fd359bd19580984cff083fc728e4d2df1d1bb3d4d76fd0f5c5a198e3ababde8dc19b1f3311147ab44a88ed01a11c

  • SSDEEP

    12288:qywrbUis/IC45cG5kA9/u53O6BQImrKKVYLxj8IPNVHqDU+HXMW99PUsDSdqK0ex:pisIPN+aW3FQ4sW8wNcU+8vJsX

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2