Extracted

• • Target

    1e58093d8f9fbd98920435ef868b14e507c33b137b2f9d415f250334db8c2d65.exe

  • Size

    822KB

  • MD5

    6281c6036312d97154024e12f8b99ae3

  • SHA1

    f8a03d09d40ebc5cc4a1e962fc3af809d6a51883

  • SHA256

    1e58093d8f9fbd98920435ef868b14e507c33b137b2f9d415f250334db8c2d65

  • SHA512

    eeefce240d0143bbeeb6d107d7028eec5af1754dfe6cdc936d91d3971e26ccd7d3490c3a68f081aa9e7bcf58bc62ec3be37102cc006670b55e20ada6b044b16a

  • SSDEEP

    12288:rOTN65b3VJN8vESN1FFkF4TFWAN+DY4sPlyDNZuD5j+A1q7JfdEQfQDRw4fi3eye:rOTN65b3VJZv40AN+s4s9DcJVE1

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2