Extracted

• • Target

    SecuriteInfo.com.Win32.InjectorX-gen.6979.19171.exe

  • Size

    761KB

  • MD5

    3d8c54bb1e30ac85fb2e4de947704215

  • SHA1

    d9e7c98cdffd52fd779ba4eb7b71382d36635af9

  • SHA256

    b478ff97e82ba8a98a92a5d3bd42c23e73aa8507a6f9943e5aac5edbb092b0c4

  • SHA512

    6db6a2b7872888a0b4dc352538a582fa152a160dee4acbb16a18f83ce69b234189cd4d8235696ba23a11d5438fcd836e5ad28c4fc89c6787c096972abd228777

  • SSDEEP

    12288:NNPrd53rD22qi0sw9+6B2V0T/hcJKycoy+Dz9qeLvmXBM5k6x1OfdVTBtVZ0bF+Z:Nx3rDIhr+6B1T/dycJEVvmXBMZx1OFVl

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2