Extracted

• • Target

    897d8cdd092ed26be93e6cd9b384da90128f98d5b80e21ee95ca95ba5ce40f17

  • Size

    819KB

  • MD5

    b3357f4dfe7dbe081d64e8a95bcac220

  • SHA1

    581795553739ed6c2bfa8f73c1c361c75f163dd6

  • SHA256

    897d8cdd092ed26be93e6cd9b384da90128f98d5b80e21ee95ca95ba5ce40f17

  • SHA512

    f3e2eb82e0b5586d1d112ca0f632b33562411cc2804c9e1ffb153cf6c51fc0556d34184a99cd8ffd640bf65bc4c723e148878d5aea1f090a15860848410f6b33

  • SSDEEP

    12288:1lqnHvjNIrpf9rN/mc/Ckm85fy1kOPJ1/Sp2oW0xj/R8+AU0YMa13nlZv:1wPjKr5BNDhm8561Op1W0t/RxAUlMGZ

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2