General

  • Target

    5755187833a76cd84a087120b27a0adf0a5813a7b5f2dab0d416d7c6e7112991

  • Size

    204KB

  • Sample

    230519-gtw2qaec21

  • MD5

    3ee9dd6af48b1e41ea541ddc7a754e9b

  • SHA1

    6794a62c69b7f3f280427a941ce830ad38f26929

  • SHA256

    5755187833a76cd84a087120b27a0adf0a5813a7b5f2dab0d416d7c6e7112991

  • SHA512

    2e329a900fc0a8cda9f285c2391abe0c0d808f30a3d59ff50564d13d67a807923385a67892c6ab1b3688f58b79368e18e7aa457698f35b4a49d408a8d23f848e

  • SSDEEP

    3072:p6eKva6to2btX+JYi7XapPuaQMjH1arBNYKTsDhsrk8PIZzzb:Qa6SmtX0XapPTj8+9j

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6125345128:AAELaNDC6VdQQywdvqd5w8Ps_ZT19OAINe8/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks