Extracted

• • Target

    NEAS.ee260bff3c2edde4b179642423508a174ba14980cc4cc18ab1f76814b466746a.exe

  • Size

    872KB

  • MD5

    528d6ef6b3d0f7f0edb537c4ed539103

  • SHA1

    6feaaef7247083c063ab52f91185db2eb2b44a92

  • SHA256

    ee260bff3c2edde4b179642423508a174ba14980cc4cc18ab1f76814b466746a

  • SHA512

    ee5dfa6ce273bfa76c70d7b9a23d6d18465ec221ef7d57f4619ef3c90fa4051cc4e085cab88cf2953f380866ffcb585ffa300822ba12c88e0fe4e574b0738ce9

  • SSDEEP

    24576:OZ1tD/tUV55Yl6oszDOLivCLKYPVjses:Ohty55Yl6oi3vCmojsb

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2