Extracted

• • Target

    ZiraatBankasiSwiftMesaji11052023.exe

  • Size

    204KB

  • MD5

    05cb87f20bf45c0fe50d44b760bda8c5

  • SHA1

    0b929157912bd110d4371d7ad23f033e7ad4dcd5

  • SHA256

    b34061090a7feced2f241fc001825ad1e47314b30a09bc6debabc962d7e32375

  • SHA512

    abbe8de758f129a0048f2b3c3e3cceccc0216005ed8512a816316544fff281fdd14b929164b81ef8e22503229cd209a623f375c11d3588eef4772ba85e5c1367

  • SSDEEP

    3072:2GoKPc8b4QK/OuODduhJ8AYZT/RyIexLCWUIsfk4Lavi+JKxFwoB7fxvXX4:2GoKE3OXDdkmZFWxHUxk4mlK9n4

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2