General

  • Target

    61eb554843c600f6721a79589a31c5c198308ba747c1504af03f5099f6dfdd69

  • Size

    3KB

  • Sample

    240704-bf868sxfkf

  • MD5

    e69758681e577aa06dfa9425821283b6

  • SHA1

    f9749f35eb63bb619d4990ba3d61221f9e5fe9cc

  • SHA256

    61eb554843c600f6721a79589a31c5c198308ba747c1504af03f5099f6dfdd69

  • SHA512

    be48ad8be7ca3e3166f6d574da5f18d1f0e1eccc5a832d8f8c61724e7a24ba7c2ec3251012a8ff5361393f62b69c8753b96249027d2f9c5bd78ab30d8fd6b53b

Malware Config

Extracted

  • Family:
    agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    =A+N^@~c]~#I

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15