Extracted

• • Target

    23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64.exe

  • Size

    687KB

  • MD5

    3431cb842330770cdcd77c7b18fb3825

  • SHA1

    a2092b85970c2e60d0c697718516e8db18298608

  • SHA256

    23806e1b81a7d5e5df3861e5d451d1d4f06c27c320b7c081bd8b1ea71b790f64

  • SHA512

    f4dfbf95ffd52b8d413ee92b9132361b2a5ccfce3650229ac2cc67d8c66ce23104e7133ef0424c5e53c88564add291a947659e12851ffa83898507b119e5f730

  • SSDEEP

    12288:ows/3P5Ujd53Llv+7UNJksS8xrmo3P2JBIBOV8vgmeS71Ovh:cBK5hTxrBv4S71s

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2