Extracted

• • Target

    EWW.exe

  • Size

    920KB

  • MD5

    8077b3e5a20f5d489fa82982140733ab

  • SHA1

    52a097dfa8e24b4ab52c9cae829df1b38ecc4e84

  • SHA256

    67362222dc4dae93f62f984771afb1b9d319ea23335bd4bb4e941f5e1248edc2

  • SHA512

    580c5888489d575fcc1e4e0a802ee125e9036761436ed1b58ae9e51e0e6bc5e025a892328cda12530b5343f8ace9bdba967bdeaca982190d3ad39fc0bad0d6e2

  • SSDEEP

    24576:pRmJkcoQricOIQxiZY1iaM/U48ni1dq6ReVbi4:mJZoQrbTFZY1iaM/vuWdq6O

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2