General

  • Target

    bb0da0bb4d9e2bbda52246946faaff37b7a0ee64922f84f70eb5f7355f6827db

  • Size

    662KB

  • Sample

    240610-bll9naaf37

  • MD5

    19ea2750dda72a07006f545dc22086e3

  • SHA1

    1f4094ddefe7626a9443a3cba938c67559a43da3

  • SHA256

    bb0da0bb4d9e2bbda52246946faaff37b7a0ee64922f84f70eb5f7355f6827db

  • SHA512

    47166ed634346472ee7eaccf822e19210d95c12a47219b69c65b99043929f2aeae2cb726f3f90563ce1760bb8c14fe10bfce7ccecfb811995ccc354c10427af3

  • SSDEEP

    12288:FHnOZj7xkozuB4P/ml559x9do3YZKC/yIDaDFYElWo9rnN1NfTENVEYMbtSXBHzq:FHOZHuozuC/ujX57yIGDFZE+rnN8rMMI

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6413426905:AAHR9s_zKOMZ8VqS2ZoMm3UZaHZoNPS_D_Y/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
