Extracted

• • Target

    DOC-BVCG6655-76854345679876542345876.exe

  • Size

    207KB

  • MD5

    5929d1fa9e45aece1d409be6b2013235

  • SHA1

    006125ceddef1d018f9f605def57ec29c3e655a0

  • SHA256

    8fb654a0bb85f09daf9cd720d8345b0ec963a670302b8c124ecddad77964c8b9

  • SHA512

    5b80a21d2ae1edf6f5526fd381971112eae63ae18006cee1c062e5288561cd300bdbb432cbba1dd7869f6dbb673543f722fd01da1885051c66ee2343b298e171

  • SSDEEP

    3072:RFuyRDq2slZlz269x5bA59Mfo0y9KKuPIoBB0OzVpnoEJ4GGZKUyyfPDSvlcfxv4:R1FslZpx5b80ZHBSO3d4GqPfbSvqn4

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2