General

  • Target

    SecuriteInfo.com.Win64.PWSX-gen.24801.25754.exe

  • Size

    32KB

  • Sample

    230712-jld72sde3t

  • MD5

    ee4bbc4739a0fc1c8fbac11cc1f63385

  • SHA1

    13f7d950881ebd77bdde2afda6781d02c2c97ddb

  • SHA256

    c12de4a53b633a610834e274d0d1abb8304f8e184694c6a777ab461fcd89c9ff

  • SHA512

    f010aa774a61a5fd088a281094a2742308be8a9b9196f90cca5a9a479e09f26917f9c7bff43833b37b68be416fbc5a0b4292c64b4e47de1df76486679932a1fb

  • SSDEEP

    768:HcIIkYpBiTkETf0hR0lvKNdZwF1Jc2SW2YVmuYfU:9ZYpBKkbhR09F1JbSW2YVmpfU

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks