Extracted

• • Target

    a4e30ad760c55214159138b43ead262244ccc7cb0fc521652d121b80435d49c3

  • Size

    100.3MB

  • MD5

    ccc2056fa2737a8a08113fbcee501682

  • SHA1

    04ee26eaa7dcf8eb3fba48b65722376d0645360f

  • SHA256

    a4e30ad760c55214159138b43ead262244ccc7cb0fc521652d121b80435d49c3

  • SHA512

    2d81d33d7b96ebae01bfa212c0987e1a2dd5634a2724ed6388a83ad068971349ca7d9c3e680caa791e923809bf7f97c7edaa2c5d05a80f3d073886e6469653ae

  • SSDEEP

    12288:LLkcoxg7v3qnC11ErwIhh0F4qwUgUnyI8rXgnBsicir5Wdc75c:/fmMv6Ckr7MnyI8rXUBsiciB75c

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2