Extracted

• • Target

    Para Transferi20230417.exe

  • Size

    196KB

  • MD5

    6aabb0fe3e02150109da8208609ff5b7

  • SHA1

    71abf92e48a6a689f0f73fd399a7e475306a8b59

  • SHA256

    1a3504a580fbb26a634dcc488399bbee85b908e2e63ba773ffc76a26b3aaabcb

  • SHA512

    e067236c43991acb7e03a3203fd540ce3e4f64cb591403589499ffd7298693979c657f4922cd4e4ef1d6362523a29079e10fbedfdc0712cd8ebcf638951abb64

  • SSDEEP

    3072:RMhHYQXos1qdmFFAZ4e/OB595cYBjpHhm+6CeQpXsGp0RrMuNWpCc5OPT0YSEu3d:yRZ1qduFM4E6WYvB76qf/byT073Jt

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2