Extracted

• • Target

    1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b

  • Size

    644KB

  • MD5

    bc3ecb6b369f3a8d284a1a9d8df411f4

  • SHA1

    a96d932d8853dcd2a6371c29801481564e97ace9

  • SHA256

    1d02cbc48ad39c4db3005b4e29cd69ae5c46a006c80d177cb68505a25db86c8b

  • SHA512

    51f1f71455e9e930dde0dcd38f0c63e5d978d6388368f666f2cb0216851f68a9f25870dac23be22c62c3b7fc48070ae94094825959cbb84a59019ba805253f8d

  • SSDEEP

    12288:qsJTENl3QhyrTiJVSVHb3InQTg+Fj/qnSSFscyaxvho4p1zTUxeZ3vSsjHVZ:PxENlUQHEnSg+Fj/qnLjxvhoS1SPsDV

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2