Extracted

• • Target

    bf2f6a01bbe39b0af9c4339100b070ba7f7158284555b4e2261af4c9f7bfc094

  • Size

    574KB

  • MD5

    935a730fdf81c49eb2c29c8a8e9936f3

  • SHA1

    a307bdcbef91ee41b1cb38133ea3a9fc3507550a

  • SHA256

    bf2f6a01bbe39b0af9c4339100b070ba7f7158284555b4e2261af4c9f7bfc094

  • SHA512

    8c87f092fa6ab7fb0be5f273333df5d831e5d11ae9e8d9795ace8bd2983b7053ec8bae3d8d71bbf946068070a4168a86703fac69b6cd2f4f2704f7cd944d74c5

  • SSDEEP

    12288:fXe9PPlowWX0t6mOQwg1Qd15CcYk0We1Fs1zepN0VhsAjjR6:mhloDX0XOf4ao4tjE

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2