General

  • Target

    6c5deef73d02f6a72b9e5db340f3a5e3743d6a63fe0827815378bf2b13624d39

  • Size

    454KB

  • Sample

    230510-pxsgpsga56

  • MD5

    fff782549c0f228212f00700e491f492

  • SHA1

    949c3f8217c8870a01d1d9eb128b18d9c57ed89e

  • SHA256

    6c5deef73d02f6a72b9e5db340f3a5e3743d6a63fe0827815378bf2b13624d39

  • SHA512

    c4c21516168722b71b3f11afa14d23d860514036335ce3580337b94174a6089d167fca102dd6272246e7c4b95d74fcb7728e726c84071c9a7ea12fab52ddc5b2

  • SSDEEP

    6144:MLzDJrJcGWJHAhrQPliyLuypxKmKRIeM2vAvW5En0c6qFepN:AvpCiSdbtTO2+vpez6Ce/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks