Extracted

• • Target

    e8ae346ea2979c546ac9e45804c6a6e5c22c8dc106046c24c91c9a63a167283e

  • Size

    341KB

  • MD5

    6999ec10578f5faebb2ee27471a9c967

  • SHA1

    7e4e105899cd8f30a3c5e8ef6815c9dbb1581e18

  • SHA256

    e8ae346ea2979c546ac9e45804c6a6e5c22c8dc106046c24c91c9a63a167283e

  • SHA512

    b4ca16c180193a143f95e7e82c7f7ca4f67c3bb71049bb0f8aa18cf75863fc0ae8bbe0decbef77db44b64bb46a4b2a3f5ffa0d112a7fb679042a166dbe2da999

  • SSDEEP

    3072:ApHzGkko4HmJo5LfN3OFI8ryG3Hr9ilNMz1grh/6qvUVEw3gSWo8siofh/:ApHVceI8OG7jxEvU9Qt1s

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2