General

  • Target

    malw.exe

  • Size

    799KB

  • Sample

    240926-n2c25swaqj

  • MD5

    93c25551aced91a643d24278fa103d17

  • SHA1

    1eba6cee3daa1e5820e7d9148662ca2bd41f71d5

  • SHA256

    b7b22e06abaaf27a5fb791990312a3a5cee1546433ea055d3341a826b003da09

  • SHA512

    fb7be5912639366a36bc5f45f045015889e5a1f0696f7c32a305827d280991dd896e7e6098cfb7065feeb8876eb7eda01fa33c0c6ad395e675a2b28ddffdce9f

  • SSDEEP

    24576:KTd82SXRRIyaQ6aw7lUESJVufn/VgvVY:CXSBgOQzSr

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      malw.exe

    • Size

      799KB

    • MD5

      93c25551aced91a643d24278fa103d17

    • SHA1

      1eba6cee3daa1e5820e7d9148662ca2bd41f71d5

    • SHA256

      b7b22e06abaaf27a5fb791990312a3a5cee1546433ea055d3341a826b003da09

    • SHA512

      fb7be5912639366a36bc5f45f045015889e5a1f0696f7c32a305827d280991dd896e7e6098cfb7065feeb8876eb7eda01fa33c0c6ad395e675a2b28ddffdce9f

    • SSDEEP

      24576:KTd82SXRRIyaQ6aw7lUESJVufn/VgvVY:CXSBgOQzSr

    • AgentTesla

      Agent Tesla is a .NET information stealer and remote access tool (RAT). It harvests saved credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates them, typically over SMTP, FTP or HTTP.

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to discover the infected host's external IP address; Agent Tesla includes this value in the victim report it exfiltrates.

    • Suspicious use of SetThreadContext

      Calls SetThreadContext on a thread in another process. Together with creating that process suspended and overwriting its memory before resuming it, this is the process hollowing (RunPE) pattern used to run a payload inside a legitimate-looking host process.
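
      As an added example (not part of the sandbox report, and not the sandbox's own signature logic): a small Python triage helper that turns the indicators above into checks. It recomputes the four digests listed for malw.exe and compares them with the report, flags processes whose DNS queries hit a public IP lookup service (the "Looks up external IP address" signature), and spots the suspended-process, WriteProcessMemory, SetThreadContext, ResumeThread call order behind the SetThreadContext signature. The IP lookup host list and the sample DNS events and API trace are constructed for this example, not taken from this analysis.

```python
import hashlib
from pathlib import Path

# Hashes of malw.exe as listed in the report above.
REPORT_HASHES = {
    "md5": "93c25551aced91a643d24278fa103d17",
    "sha1": "1eba6cee3daa1e5820e7d9148662ca2bd41f71d5",
    "sha256": "b7b22e06abaaf27a5fb791990312a3a5cee1546433ea055d3341a826b003da09",
    "sha512": "fb7be5912639366a36bc5f45f045015889e5a1f0696f7c32a305827d280991dd"
              "896e7e6098cfb7065feeb8876eb7eda01fa33c0c6ad395e675a2b28ddffdce9f",
}

# Public "what is my IP" services commonly contacted by stealers.
# Assumption: an illustrative list, not the sandbox's own signature data.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
    "ip-api.com", "ipinfo.io", "api.ip.sb", "checkip.amazonaws.com",
}

# Ordered API calls that make up process hollowing (RunPE): a host process
# is started suspended, its memory rewritten, the main thread redirected
# with SetThreadContext, then resumed.
HOLLOWING_SEQUENCE = ("CreateProcess", "WriteProcessMemory",
                      "SetThreadContext", "ResumeThread")


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest of `data` equals the report's value."""
    return hash_bytes(data) == REPORT_HASHES


def hash_file(path) -> dict:
    return hash_bytes(Path(path).read_bytes())


def ip_lookup_hits(events) -> list:
    """Processes whose DNS queries hit a public IP lookup service.

    Each event is a dict with 'image' (process path) and 'query' (hostname),
    the shape a parsed Sysmon Event ID 22 (DNS query) record would give.
    """
    return sorted({e["image"] for e in events
                   if e["query"].rstrip(".").lower() in IP_LOOKUP_HOSTS})


def looks_like_hollowing(trace) -> bool:
    """True when HOLLOWING_SEQUENCE appears, in order, in `trace`.

    `trace` is a list of (api_name, args) tuples in call order. The
    CreateProcess call only counts if it used CREATE_SUSPENDED, which is
    what separates hollowing from an ordinary child process launch.
    """
    idx = 0
    for name, args in trace:
        want = HOLLOWING_SEQUENCE[idx]
        if not name.startswith(want):
            continue
        if want == "CreateProcess" and "CREATE_SUSPENDED" not in str(args.get("flags", "")):
            continue
        idx += 1
        if idx == len(HOLLOWING_SEQUENCE):
            return True
    return False


# Constructed sample telemetry (made up for this example, not sandbox output).
SAMPLE_DNS_EVENTS = [
    {"image": r"C:\Windows\System32\svchost.exe", "query": "ctldl.windowsupdate.com"},
    {"image": r"C:\Users\victim\AppData\Local\Temp\malw.exe", "query": "api.ipify.org"},
    {"image": r"C:\Users\victim\AppData\Local\Temp\malw.exe", "query": "mail.example.net"},
]

SAMPLE_API_TRACE = [
    ("CreateProcessW", {"flags": "CREATE_SUSPENDED"}),
    ("NtUnmapViewOfSection", {}),
    ("VirtualAllocEx", {}),
    ("WriteProcessMemory", {}),
    ("SetThreadContext", {}),
    ("ResumeThread", {}),
]

# Ordinary child launch: no suspended start, so no hollowing verdict.
BENIGN_API_TRACE = [
    ("CreateProcessW", {"flags": "0"}),
    ("WaitForSingleObject", {}),
]

if __name__ == "__main__":
    print("IP lookup callers:", ip_lookup_hits(SAMPLE_DNS_EVENTS))
    print("hollowing in sample trace:", looks_like_hollowing(SAMPLE_API_TRACE))
    print("hollowing in benign trace:", looks_like_hollowing(BENIGN_API_TRACE))
```

      Run it against a real sample with `hash_file("malw.exe")` and compare to `REPORT_HASHES`; a single differing digest means a different file, even if the ssdeep in the report still scores it as similar. The API-trace check is deliberately order-sensitive, since SetThreadContext alone also appears in legitimate debuggers and .NET runtime internals.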

MITRE ATT&CK Enterprise v15

Tasks