Extracted

• • Target

    RFQ #03664710859027pdf.exe

  • Size

    1.1MB

  • MD5

    88812311cbff6bab5d756b3b130e551e

  • SHA1

    9b37df7a0b6bf1d1ed75368133f11bbcd89b71b3

  • SHA256

    b3c89f0bcc8afc69982ea701a95090b4cbba55fa66dd182e0da29204382f30da

  • SHA512

    683ecd5d3ce4a6404077ef7225e30be3f092b74f1535cd21164d830f6051809d59f14b8ddc59b46c79a56b05ef5e1f2b1a56356dc8b542a6f86ba7eaefbfc321

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLKmFwehb0xNfuwWArnoi+402:f3v+7/5QLKmeu6uwWgoiJ9

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2