Extracted

• • Target

    7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

  • Size

    799KB

  • MD5

    8fb6d1e2ee67f07c2119e2ad77298b8d

  • SHA1

    f8e6d4e53c48f1e155d975dbe9b8788438ab2eff

  • SHA256

    7afe031d8459625274d002cd8c849fd12cefb7802bcc32f36a67590fee9043bf

  • SHA512

    e40e7de8cf6d39a4e2d5e0eda17ddfd8c5031bcf2d582e448867af8ebeb9153610aa21c8cdeaa3aeb2ec1854b9ba4a0b4709c769fbb4109381deb65e29620a75

  • SSDEEP

    12288:x+HvqbycatMvDITcpGIm/RarlLhFeP68lK4ENzJu:xckyp2vDITAnrlLhcS2ENJu

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2