Extracted

• • Target

    6,992,227 USD SWIFT.z

  • Size

    720KB

  • MD5

    e8f281bec691df92e0b274bda48a9023

  • SHA1

    8c95b511461e3fc31d02339ccaa5842676359970

  • SHA256

    58ea08f23802ebf24469ecb15cfed7c0158ca8254863ce93bb3b5a58646170e0

  • SHA512

    5721306f332aa975c9e2c2b800b7cb5d9b1ede8494269514300ed47162b9faec64876f72f14f3ac42a415ce7ea4ee0c72988c409f24d9e54f846eaeb6486932d

  • SSDEEP

    12288:IlW3/mzBh35wwzAPV2Krnt+aq+2sXWlVEovGpv2wa0uNqEjzt3X2OkR:8B3zZatZ2RVXeG9HBu

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2