Extracted

• • Target

    1a05fa77694a54fc6183c52b951fb0f9db8aa8fa361e2d676f50ed875de39943.exe

  • Size

    1.1MB

  • MD5

    97deb6c223aa4c607e301b31a8326896

  • SHA1

    3dde7134707254ecdea8691e771283defd5c3d21

  • SHA256

    1a05fa77694a54fc6183c52b951fb0f9db8aa8fa361e2d676f50ed875de39943

  • SHA512

    da0998b3a4432876100ff00dcd50b8f77bc631423b0b04a7c34b2c2a5af2bb3a0b4fc3df39b08b79dcca7f8173146f05eb0f40a0de1992c4a04c1296019675e1

  • SSDEEP

    24576:uRmJkcoQricOIQxiZY1iaC//sUJ5VWUD/pjgit5c7inL:7JZoQrbTFZY1iaCXZDWUD6sumnL

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2