Extracted

• • Target

    RFQ 10508786 Instrument Items.exe

  • Size

    1024KB

  • MD5

    4511552349b0dcfc93a0fe6ae0930690

  • SHA1

    5b527a7ee94301d1012085108a98d0fcfeeb9dc2

  • SHA256

    0771b5f6e8f1fce847a57f724edd31b9a39de68af92cf89a38581f75ee3247bf

  • SHA512

    e6d297f5a9fb334543cb7e95ba8a943501c7a16f7d64871711c75b5dbac9c37c22866f0f863e7736f277c1e1f7a076007646dfdc57cd4cec2104ee0976bc9c95

  • SSDEEP

    24576:UAHnh+eWsN3skA4RV1Hom2KXMmHaJIMzIgxcCd9T8E5:jh+ZkldoPK8YaJbxxFTr

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2