General

  • Target

    702bfa8f5e655b8e697c0da0fe6ef8d381ddc9ee9f8fdb75b4fdddf19c30758a

  • Size

    777KB

  • Sample

    240926-eawwhayepb

  • MD5

    30a08022859dbb5fe74bf169c5a1db1c

  • SHA1

    036e2e931c1154d00df36b6f697af3519bcd2dd2

  • SHA256

    702bfa8f5e655b8e697c0da0fe6ef8d381ddc9ee9f8fdb75b4fdddf19c30758a

  • SHA512

    cee317178a8d34a25c3ca89f033fd4582459ffb880b820d3f19bfe52ae19cba2a9f9ef8d1e88e3b90463def2d4d15c5cc48c5fdc29ea52d2239d51878af1e684

  • SSDEEP

    24576:cEQyl8zfv2GjJmnE1VVxuOHH/g2HIDN5GVdA/dXs0ghv:cCfqJmEHVxVHI2Hcbwyhv4

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.antoniomayol.com:21
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    cMhKDQUk1{;%

Targets

    • Target

      UAE7890-0987654.cmd

    • Size

      792KB

    • MD5

      98078b4fc9598e0abf14580358bdb595

    • SHA1

      7569139aa8940c37ee30425763a9225042c9bc4a

    • SHA256

      be355266f38c5cddc82ad263354ea1de12ff6a9f8c008c412e22d94a30db6a84

    • SHA512

      2591c7169791a7c8c875355c92add12eaca36509707404dd0dde22cbe752e96637384cf59b95b7df985abb86f8d0a727dc74bc18b69659c8ea7e1bb8846c7c8b

    • SSDEEP

      24576:tthEVaPqLUgNxuELZ/u23IDHtoVJKzrJs02hb:VEVUc5NxHLA23cNqmFvS

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks