General

  • Target

    a0b2cffa58d3edc92be62162d3840d804a2c908e7e23c2d4c267a7bb21e72a53N

  • Size

    796KB

  • Sample

    241001-ngm2lswgrn

  • MD5

    b0297f4a50031006081048fcf1e32240

  • SHA1

    fe9ffc5434a982600ed015247a6d0421a5862db0

  • SHA256

    a0b2cffa58d3edc92be62162d3840d804a2c908e7e23c2d4c267a7bb21e72a53

  • SHA512

    cef53d937238d2a43ca09c11a7fef6532cb8252f557fe1c80c7da866f6be141d4d8089f1b709d3920a16058797587b8012e2c2ef0131136581786b9059b6a7d2

  • SSDEEP

    24576:jTd82SXRRIyaQ6aw70UESJVufn/VyvVI:1XSBgOQ0Sh

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks