Extracted

• • Target

    QFvswtcr1f60ol5.exe

  • Size

    720KB

  • MD5

    741a5a12f09c04ea3e9016b0df5b1619

  • SHA1

    70bc8da958d222169fbbaeef24caf81dcad79403

  • SHA256

    34e80cd7697e28920dc9d333f057b29cb3e4010a8be917130a9c3137aabfb547

  • SHA512

    3b0150010c59a28dbf8206ac2210cc953538af03129af9772e0aa780209637a37496d01573222eb5f7e322da8d5910c5f40cfd0b29d7a4ea3c8ae046ac2578b5

  • SSDEEP

    12288:qhdIaRFF8dhPVYuKpqScN28sYpOI0fEPwtn/2eSJ+3pOlLAeqo9gp:qhPFShPVYu4Zu28sYYIOqSn/U+3pOlL/

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2