General

  • Target

    tmjGCGOEGMinVPD.exe

  • Size

    691KB

  • Sample

    240417-hbrjysfh83

  • MD5

    b5006f1dac678c6e6a2c698704e49ad4

  • SHA1

    2ad2b936da60e85c1dc26b6281ad8380393b0fcb

  • SHA256

    17ffcd130215ae5b3f8ba4f4aa5577abdf7c44a0c2e70619c35e42bafbbb3a82

  • SHA512

    cd21606434f044e533876f37f44579bd916d868ad6e0f4957a9991b29fd03d69773cbf6f1c232ba5dec41787bcd3c73c04b25a02bb5fdce6a01104e57bf4d4b7

  • SSDEEP

    12288:G/fWTAkMq3EAppRG1/D02YbItl1rr6NPcCCZ7VB2iGI881CEt2UXS+ucb:UmAAEQg3v6NPm7VEIlp2Ui+ucb

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      tmjGCGOEGMinVPD.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks