General

  • Target

    67189dd8b1aa6133903b56a209afef0a9b1eb6784030eb4c1276bb4c381c7c94

  • Size

    900KB

  • Sample

    231206-bmkgfshg37

  • MD5

    2e1d5cba56b07abcba3ba5404d712e5a

  • SHA1

    7c796bbaed461ef57f74534c25edaefc0ffd724e

  • SHA256

    67189dd8b1aa6133903b56a209afef0a9b1eb6784030eb4c1276bb4c381c7c94

  • SHA512

    c4a23657400bbfc052ffae7c08ea68e3bb8b44d280547a5e0a7b1981910420ff2dd81545ba4d9b3b17432870bf33a64a55c77e3d0e1a6d00f6633f8b917bf720

  • SSDEEP

    24576:VllqhbDgTdWMpKScoOlF7OJpH3ukIO5SI:TGbDWdbcoOr7c30OwI

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks