General

  • Target

    15431437f4165d46ccda4c1bfa6a8eeb49f4be3f9f0927d98f279766e3b3272e

  • Size

    484KB

  • Sample

    240719-2dj3fawhpg

  • MD5

    3997ea4a9d0892ffe39b999e77dc27f0

  • SHA1

    fd7dd092a389e1e67294243b85e3ecf6cd344bab

  • SHA256

    15431437f4165d46ccda4c1bfa6a8eeb49f4be3f9f0927d98f279766e3b3272e

  • SHA512

    1b316b37ee338c9ad9fc093e1dce6afe86aeae43467e2a11914453d8fa012b0808bcccf4320dba8cd9e7931f7a3822a2a1c3db302639de8d1969c186cb882bcb

  • SSDEEP

    6144:DaSdPgUiwsmU2A9DlbkaFlaNrjDVsfiYZX6lEXwRHQR:2SdPgUiLkaFYNYZX6lEXwRHi

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      15431437f4165d46ccda4c1bfa6a8eeb49f4be3f9f0927d98f279766e3b3272e

    • Size

      484KB

    • MD5

      3997ea4a9d0892ffe39b999e77dc27f0

    • SHA1

      fd7dd092a389e1e67294243b85e3ecf6cd344bab

    • SHA256

      15431437f4165d46ccda4c1bfa6a8eeb49f4be3f9f0927d98f279766e3b3272e

    • SHA512

      1b316b37ee338c9ad9fc093e1dce6afe86aeae43467e2a11914453d8fa012b0808bcccf4320dba8cd9e7931f7a3822a2a1c3db302639de8d1969c186cb882bcb

    • SSDEEP

      6144:DaSdPgUiwsmU2A9DlbkaFlaNrjDVsfiYZX6lEXwRHQR:2SdPgUiLkaFYNYZX6lEXwRHi

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks