General

  • Target

    file.exe

  • Size

    11KB

  • Sample

    230502-pff3caba38

  • MD5

    8d361274685c6e905923e1743cff08e7

  • SHA1

    c24c935d442e531a18cdf4c5cff3b92feda8d008

  • SHA256

    9356d56bc50ab9c3138c1508dde0c7f91732aa2a49ba0dc047777c33dc4ad7d6

  • SHA512

    166bb6f89a4a5685b5749c9284a81e385dff7361235b1ff1782338e912bbd765ae918cb4deb52fae5701f43a0fad144d86ff6250cf9c92f86f4e6f55f30b744d

  • SSDEEP

    96:Zgd9i15VpHbKNK8Zwr0jE9yv1Kxv+FTIPcZhLCzjDwIv8+yU0Qb7DzNt:lpHwKG49ydK1+FEcZhiYSNyIbJ

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6261426177:AAGKVvStJVx3AbPod6gVs0gLfIFG75EuCzc/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks