Extracted

• • Target

    ee1dbadcb7dad10737664a5026b39305bb58aee398d8f43018e52f7c99f78915

  • Size

    737KB

  • MD5

    9b893026db16c997eae54b8fee950054

  • SHA1

    3521840bebbd2d11905304e9f6e6f9fe4bbcde0c

  • SHA256

    ee1dbadcb7dad10737664a5026b39305bb58aee398d8f43018e52f7c99f78915

  • SHA512

    590ea454d1d698ad8648a47d3527ba2ba8452ebd8ce64e68c08aa8b8caa4cff240f4fcf41bc3b98e47880f685556212dec3a394061c4c8f2c24b2aa6c3d68b88

  • SSDEEP

    12288:DdSj4/u5JTJf78ZOZevK7ZgmeG7qhojOB2qpg6uo2pNq/63riXCDXLpLWfHr:DdSjS+5gI/imeeTAg6T2y/6uXC/pIr

  Score

  10^/10

  agentteslaevasionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2