Extracted

• • Target

    f85fbf42de86ccd194b7ed2ff16ec15a5da6038783c72961e6c104d86eefa86b

  • Size

    169KB

  • MD5

    1cb5a16db2a0572af771777102b3154c

  • SHA1

    aff61842499ac9d70fd6cef402001236db645794

  • SHA256

    f85fbf42de86ccd194b7ed2ff16ec15a5da6038783c72961e6c104d86eefa86b

  • SHA512

    873d95d1a450d8976d95d9dbdf15383e0a413b17527c280aeaa682d4f0813788dff46e6a4f7962b3ec0c666184497f38fd44574b3a7f14d0025dbe4a69dd3e8b

  • SSDEEP

    1536:uOY4J7jebr39rGixcajfcOQwGrHzdANmN88JqhIY/3yRYAu9Vh4:04irtB7QNrHZcWWIYwYda

  Score

  10^/10

  agenttesladiscoveryevasionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Contacts a large (4269) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2