Extracted

• • Target

    27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

  • Size

    2.3MB

  • MD5

    a04b0ff1ee4f53cfb8112a7b1e818888

  • SHA1

    33e07c599eb12ff0e4abc0bd8877452633a00371

  • SHA256

    27cdaadb36386864267bb9912c1e1cbc1f741c8fdd0762e32efdbb969358c361

  • SHA512

    614f83b50e146f3bf308439bdd6983264457009af1025064385ea2fe000f481c3ebb2d259cc7319e6297f8421bc589a561bc60fb0a26934eb51e3ea4f6afae69

  • SSDEEP

    3072:GnJXGWdqKKKqdoevVwzcs/niA0wAdWrjfre5Z0nVnWSOvgP8D1Xc8Uofj6ewIlc1:GnJWnUZzcVe

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2