Extracted

Extracted

• • Target

    a0e1795f5c66d1ec96b5066abc69c68623b83fd8f3c56c760b5dfd54a4465b92

  • Size

    13KB

  • MD5

    7fae3e736aa127cc84f63e20ffa37d33

  • SHA1

    a4f3fcac3614021851b094b011f67aadccfa856c

  • SHA256

    a0e1795f5c66d1ec96b5066abc69c68623b83fd8f3c56c760b5dfd54a4465b92

  • SHA512

    414c98dbfe9a5ea2fce994ab0ab143cff96bfbcd4dbe69830f90138d4c329337b8a14e88c3f96bfd94ba62d1bd580558a1fc927728c0e9c9533d688e2189741a

  • SSDEEP

    384:Sxrj/4BVkztIpPAoskmi1d+ma/GWCr3hgfPH+loR1iVpPgRgVNab544qgnp/+P8I:SMVPpPAos41gN/GFr3hgfGu2VTU144qP

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2