Extracted

• • Target

    INQUIRYS#46789-SEP24MAT.exe

  • Size

    1.2MB

  • MD5

    07ccbec18681f1d2e98c33a62bdf89d6

  • SHA1

    391dd53228844ce76c1fe9ee8ec1d9c40731d2ce

  • SHA256

    9c08d64bbe7619affdc3842f4cbfa2f2d7e06d08aec3d01c0558ba133129c3d7

  • SHA512

    2309703110314b4d1e03d0f70ba91feedf0ca11893b11853f1a62cfe439f0cb8b2b13d06b980efac267e7d6f249ab84722375215e6ecb97cab0e4d006ec5ff34

  • SSDEEP

    24576:fRmJkcoQricOIQxiZY1ia3+ekxiX/7z2Gw1lODrQvTVZ/zAd7iy7:0JZoQrbTFZY1ia3+4K1k4z/zE7iG

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2