General

  • Target

    37fda41fdb04917e4c0da2880b51ba07e959d53a31a93a9b47785a5be8807bd7.exe

  • Size

    1007KB

  • Sample

    240420-ld84kaea6t

  • MD5

    25e87d17f0c864ffdc217d43c82cc36c

  • SHA1

    aecd0ff1a25d22ace6ab1c9650589ca916cabf3f

  • SHA256

    37fda41fdb04917e4c0da2880b51ba07e959d53a31a93a9b47785a5be8807bd7

  • SHA512

    d1809508e78d48d398e48602a381c7e3bd45295a7b5bbd25403bf1edd351b495cb85c4e2076099b97401e1d41dfd36670540d7431cf8c8c5ca574f96147c304d

  • SSDEEP

    24576:0f7y6rwJVCUv7MQehWtnEYVe5+2brHkfbwHo7m:xj/DMV4tebHYbwGm

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks