General

  • Target

    c5746323feb5767de7ca29e232458386f5699e21c013d714e37acb6b77bd824a

  • Size

    1.4MB

  • Sample

    240606-bg1w9adc7y

  • MD5

    c730cd2d84cfadc530360d91b2bc2791

  • SHA1

    e7f5258dbaf4e43e154068859042028545b1e873

  • SHA256

    c5746323feb5767de7ca29e232458386f5699e21c013d714e37acb6b77bd824a

  • SHA512

    a9f10cc7946bdb1901b2e0dfb8eced2e5c1947d1c24525036f6120de479c4ff13cfd917bcda3f3b148f931056ad021204e63bfa59194981695f16f22fb4928ef

  • SSDEEP

    24576:rNnYahM9SH+ZeqWiIXaowZimVhChgKvaUIdY:rNYahM9SH+ZeqzIXyJChAjm

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot5711013641:AAFQCl-5Y4KSCKb1njte7I7JzABT0FmJ3OU/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks