Extracted

• • Target

    Report.exe

  • Size

    716KB

  • MD5

    88e3289cd07d44b57f43af8c144db4dc

  • SHA1

    e58d2886490dbb84e06c8d826fd3d9bbbd1276a1

  • SHA256

    3540c1be8ab6e0eee1c27d3c5ef243953f986f0bf0e333da9a1b7012a01ee0c2

  • SHA512

    50666c22d1c075833045b86a48076370d41ddbc1a3fb7afda3745d9860d8b8f8fe7a9cbc5ce1e9ba155a92a878bafb6ccf53297154ab9cf2d634c9a7f042e50d

  • SSDEEP

    12288:imdI0sPziy+9tl/q/LkoIV99g0i556t3+aMuaigGP8pXDdRYUgn9Z9g5:im779GLkoIfe0i5564aB3D8dfYNm5

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2