Extracted

• • Target

    SecuriteInfo.com.Win32.PWSX-gen.32422.27987

  • Size

    536KB

  • MD5

    7ca21c3c3675e6f031f5dbdbd734fbb1

  • SHA1

    a06df48d928d73be766be87d6bf309d85baefe0f

  • SHA256

    91c4358eb1c2c4d38b2c3e930eff281ab6cf22ae0200e4dfa49725fd4657e9f7

  • SHA512

    a50341eec2ceba39fa2e083ba6b53b8a503a20959fb0869e99c459d035cb52dcb5e9047a69c0bb1f188b6965a1ee4bc88620b9eba7f69d248d28b43904fec2ff

  • SSDEEP

    12288:TS9IXRtjsjxZwbwyFexlPn5H4F9GXGKS4qBwNTYpIfdOvnhJ4Hs1:RFYNnK9GXyFwNUpqOnhJ

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2