Extracted

• • Target

    PRE ALERT NOTICE.exe

  • Size

    930KB

  • MD5

    4fabd56f994ee77c3b6c5801af8c1ad2

  • SHA1

    034f29159d5bb146ec5acad4fa1e2a0524ea7c3b

  • SHA256

    3d9a35553412df33fdb411308a79fd2858d9c51ec73a1ce46751a35839fb58d5

  • SHA512

    36c314ff0a8f3209a32af9f8b5d260c516d742889b8373c38b8ec07b31fba861eee448ebf06a21dbd9e50f1dccd1bd3983b3d5fccdf35e039cba5e7c5604e491

  • SSDEEP

    24576:pAtD/61rgywSbU5T3NUQ7yTSSiSW0FTyjP+ENasJ:K611enVSNDp0FJ

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2