General

  • Target

    6a8ifVD8qEneo.exe

  • Size

    543KB

  • Sample

    230824-qz9dnsch46

  • MD5

    5c4eb96caa0fc3642fb5656644241eac

  • SHA1

    a75d3ece6fa5715d5dbd876beb363279ffb3849f

  • SHA256

    e7295b52154e11dd513f0000ce1cad87b2d2d5a0f674bea0b82bc6f84e1928bb

  • SHA512

    3e9c7793bbc3e1b9b5b6f04d563c2b4999e70fbd92cc13743e6addf147eb5cd8312567792655f688accbc320f22adc2e1158dee047fd233d05b4bd4cc409e1ca

  • SSDEEP

    12288:Lxgvai9b33bmRXP/0cMLXM53YtpTCffx2IvS1Ubd6lsaocqOdiLj:Vgvb9rb2X0c+CffhvSCbcO5JOA/

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks