Extracted

• • Target

    770375545746.CI_770375545746.GenesisAWB.exe

  • Size

    320KB

  • MD5

    058e6cfde5b836d53390c1affa9e42ff

  • SHA1

    a55b0ade3a95b17f8bb3701c3a98348e7a20e662

  • SHA256

    8e93ecb2649c96c21b8ca84ca2bb084902bc406600af15e0e03fcbbb41f0e373

  • SHA512

    39e2bc5200c1a3fc578f5a62d0e31199f5b5077698e437d071f060105a57a4003e17bfbc8c8cb6e67f8c00f226fc343d45d7d9c3064ddcc95954f1a80087a577

  • SSDEEP

    6144:fQ606x5wOyFNKvLOsI5H8T58KEyyfnYO4FjTdiCWD:/wDSvysI5858KEyyfnYO0TdiF

  Score

  10^/10

  agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  behavioral1behavioral2