Extracted

• • Target

    9454da092866823747fb0fb7e5b11652794974fad0d3fbab3f80db4ff97e4654

  • Size

    837KB

  • MD5

    07d31d6b30d2925b4664dc957f2235e9

  • SHA1

    1f2d07a9085629594232f1e709987c577f639ee2

  • SHA256

    9454da092866823747fb0fb7e5b11652794974fad0d3fbab3f80db4ff97e4654

  • SHA512

    b35227b33078dd1483afd629dd4fb0d03dadccb97b4a54377c70411f06581f1aa37da6f1470fe60842cdf0f8326a9f6d8cd56e7b34bc1d295d72fcd0663e7d45

  • SSDEEP

    6144:hJR8/uA4MmNczCR2lKXgnEoRhUaN9B6YjrltoWGFd0SJOMvPHSowFrpiTqqxWMWY:Fpl88srGLBJ/qnGTWpigou0eDxao

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1