Extracted

• • Target

    1693844525085627b7cf9bc306aa266e9305a77ee0a76dfb7cfee5affb59f76267a08f6833347.dat-decoded.exe

  • Size

    274KB

  • MD5

    9f0aeff878befa2b72bbc2405581d78b

  • SHA1

    2eeb08f4869864d14cab38d73dc539cde3077f60

  • SHA256

    a1528f5de37b949354a3cdd6e72ac966b4a0ec675d7a23b67af482ddcb94616d

  • SHA512

    a5a4a0df564466e11ba0a5ae61289155f35545eb1225a3d378c29f20d65375feec9e5d6f4f8b8048932de9d1999348edd710c70d677db67a438bba6444fdaa81

  • SSDEEP

    3072:9pMF0t5OFxrHqMqZoeRcqs4sdtYS6Z02ljQEZ5URUxeE/RkJxKbzhe:/MK54xOMqZ/HaTYJ3cE/xNavKb0

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Downloads MZ/PE file

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2