General

  • Target

    5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34.exe

  • Size

    720KB

  • Sample

    231206-vxd7zafg6w

  • MD5

    31dd2e39c8df030acfcbac60f31e1fc7

  • SHA1

    4f5043b4569851675908b0a53bcc3dfdd6aaf5d5

  • SHA256

    5931ddeea405cd4878d2fd6e340d55021a71dfd2619e56e7e5c5bbad0488db34

  • SHA512

    7d530ce80312f9e1d751727c3c537c3a0d4e6639bc968da0c80b190e0b5c8ed13704c28a10ed69f70c75540852b4fe7cea087355eae21bbf200a08717649e571

  • SSDEEP

    12288:TZ5nF8ME6jD/hLcBRTnunntqorOkfDhJQQ7zbxGL/n3WaOp/wOOBcei/um+Tt:TZPtD/yBtQqChT7PCn3WyOO4/uZTt

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks