General

  • Target

    e7ad300954067f12040305283fecae4358459451c2ccefada1026821eca9dc53

  • Size

    656KB

  • Sample

    240416-b7msbagb9s

  • MD5

    c18475bc853e6767570d6bcb70ce7643

  • SHA1

    3a2d82bb59a18ccf5976a9b185447aef37dadc23

  • SHA256

    e7ad300954067f12040305283fecae4358459451c2ccefada1026821eca9dc53

  • SHA512

    50d7c451cb64880bea4ee5f9e2f4d10e37e64d6207b32040ba33c6da079080055282143d76c368b6d1d1e797bccd065e5265fd0bbf83279475cc52c77e147c99

  • SSDEEP

    12288:69zT370mEjB5vCBnGg7kHcZjRqZD+xPjPlhGW7wQmeQb/N8EVe:NFdMicVc+xpsW7bmeAN8z
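Before acting on any of the signatures below, confirm that the file in hand is the one this report describes. The following is an added example (not part of the sandbox output) that hashes a file and compares it with the digests listed above; the report hashes are copied verbatim, while the file path and the `is_same_sample` policy (a strong hash must match and nothing may disagree) are this example's own choices. SSDEEP is deliberately omitted because it needs the third-party `ssdeep` module and fuzzy matches are not identity.

```python
"""Verify a local file against the MD5/SHA1/SHA256/SHA512 published in a sandbox report."""
import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section for sample 240416-b7msbagb9s.
REPORT_HASHES = {
    "md5": "c18475bc853e6767570d6bcb70ce7643",
    "sha1": "3a2d82bb59a18ccf5976a9b185447aef37dadc23",
    "sha256": "e7ad300954067f12040305283fecae4358459451c2ccefada1026821eca9dc53",
    "sha512": "50d7c451cb64880bea4ee5f9e2f4d10e37e64d6207b32040ba33c6da079080055282143d76c368b6d1d1e797bccd065e5265fd0bbf83279475cc52c77e147c99",
}


def hash_bytes(data: bytes) -> dict:
    """Return {algorithm: hex digest} for an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples do not have to fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict) -> dict:
    """Per-algorithm match result; algorithms missing on either side are skipped."""
    return {
        alg: observed[alg].lower() == expected[alg].lower()
        for alg in expected
        if alg in observed
    }


def is_same_sample(observed: dict, expected: dict) -> bool:
    """Policy (this example's choice): no algorithm may disagree, and at least one
    collision-resistant digest (sha256 or sha512) must match. MD5/SHA1 agreement
    alone is not treated as proof of identity."""
    result = compare_hashes(observed, expected)
    if not result or not all(result.values()):
        return False
    return any(result.get(alg, False) for alg in ("sha256", "sha512"))


if __name__ == "__main__":
    import sys
    # Hypothetical path: pass the suspected sample as the first argument.
    observed = hash_file(sys.argv[1])
    for alg, ok in compare_hashes(observed, REPORT_HASHES).items():
        print(f"{alg:7s} {'match' if ok else 'MISMATCH'}  {observed[alg]}")
    print("same sample:", is_same_sample(observed, REPORT_HASHES))
```

A mismatch on every algorithm usually means a different build, a re-packed variant, or a file that was altered in transit; treat such a file as a separate sample rather than assuming the report's behaviour applies to it.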

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      e7ad300954067f12040305283fecae4358459451c2ccefada1026821eca9dc53

    • Size

      656KB

    • MD5

      c18475bc853e6767570d6bcb70ce7643

    • SHA1

      3a2d82bb59a18ccf5976a9b185447aef37dadc23

    • SHA256

      e7ad300954067f12040305283fecae4358459451c2ccefada1026821eca9dc53

    • SHA512

      50d7c451cb64880bea4ee5f9e2f4d10e37e64d6207b32040ba33c6da079080055282143d76c368b6d1d1e797bccd065e5265fd0bbf83279475cc52c77e147c99

    • SSDEEP

      12288:69zT370mEjB5vCBnGg7kHcZjRqZD+xPjPlhGW7wQmeQb/N8EVe:NFdMicVc+xpsW7bmeAN8z

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET; it harvests saved credentials from browsers, mail and FTP clients and exfiltrates them over SMTP, FTP or HTTP.

    • Checks computer location settings

      Reads the country code configured in the registry; this is most likely a geofence, used to skip or alter execution on systems in certain regions.

    • Looks up external IP address via web service

      Contacts a legitimate public IP-lookup service to discover the infected system's external IP address, which the stealer typically includes in its exfiltrated report.

    • Suspicious use of SetThreadContext
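The external-IP lookup is the most readily observable of these behaviours on an endpoint, because it produces a DNS query from the malware process itself. The following is an added detection example (not part of this report) that scans Sysmon-style DNS query events (Event ID 22) for queries to public IP-echo services from processes that are not a web browser. The domain list, the browser allowlist and the sample log lines are all constructed for this example; only the behaviour it targets comes from the report.

```python
"""Flag external-IP lookups by non-browser processes in DNS query telemetry."""
import json

# Public IP-echo services commonly used by stealers to learn the victim's
# external address. Assembled for this example, not taken from the report.
IP_LOOKUP_DOMAINS = {
    "checkip.dyndns.org",
    "checkip.dyndns.com",
    "api.ipify.org",
    "ip-api.com",
    "icanhazip.com",
    "ifconfig.me",
    "ipinfo.io",
    "myexternalip.com",
    "wtfismyip.com",
}

# Processes for which a public-IP lookup is plausibly user-driven; hits from
# these are suppressed to cut noise. Extend to fit the environment.
BROWSER_IMAGES = {"chrome.exe", "firefox.exe", "msedge.exe", "iexplore.exe"}


def is_ip_lookup_domain(query: str) -> bool:
    """True if the queried name is one of the listed services or a subdomain of one."""
    q = query.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in IP_LOOKUP_DOMAINS)


def image_basename(image: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_ip_lookups(events):
    """events: iterable of dicts with at least EventID, Image and QueryName.
    Returns [(image, query)] for every DNS query to an IP-lookup service that
    was issued by a process outside the browser allowlist."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 22:
            continue
        image = ev.get("Image", "")
        query = ev.get("QueryName", "")
        if is_ip_lookup_domain(query) and image_basename(image) not in BROWSER_IMAGES:
            hits.append((image, query))
    return hits


def scan_log(text: str):
    """Parse newline-delimited JSON events and run the detection over them."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    return find_ip_lookups(events)


# Constructed sample telemetry (JSON lines in the shape of Sysmon Event ID 22).
SAMPLE_LOG = r'''
{"EventID": 22, "Image": "C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe", "QueryName": "checkip.dyndns.org"}
{"EventID": 22, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "QueryName": "api.ipify.org"}
{"EventID": 22, "Image": "C:\\Windows\\System32\\svchost.exe", "QueryName": "login.microsoftonline.com"}
{"EventID": 1, "Image": "C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe", "QueryName": "ip-api.com"}
{"EventID": 22, "Image": "C:\\Users\\victim\\AppData\\Roaming\\svchost32.exe", "QueryName": "pro.ip-api.com."}
'''

if __name__ == "__main__":
    for image, query in scan_log(SAMPLE_LOG):
        print(f"external IP lookup by non-browser process: {image} -> {query}")
```

The second sample line shows why the allowlist matters: the same domain from a browser is normal user activity. The last line exercises the subdomain and trailing-dot handling that real DNS telemetry produces. Because the malware keeps running if the lookup fails, this is a detection signal, not a containment control; pair it with the process-creation context (unsigned binary under a user-writable path, as in the constructed sample) before escalating.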

MITRE ATT&CK Enterprise v15

Tasks