General

  • Target

    1dc7d0f029aa044dcd3cd08ec2eb4c1cad19fe9a89b340c6183ff300c724e2af.exe

  • Size

    784KB

  • Sample

    241009-qz8r5swblr

  • MD5

    547e0100de2c5949bd2d655f7e64a017

  • SHA1

    b6062c3e351e15e367f69f077ddd0d0c50010871

  • SHA256

    1dc7d0f029aa044dcd3cd08ec2eb4c1cad19fe9a89b340c6183ff300c724e2af

  • SHA512

    7347880bc7a5361dbbb9042602b5a13078b67a1acb0f30456ae43a3bf8df2d479025da734b53ff6f37987cfc49213a4c50a9f521d8cb7028f0fafdc34a319933

  • SSDEEP

    12288:v6Wq4aaE6KwyF5L0Y2D1PqLayIVdE+VU72ORBO9ThQngxI+sTELQI4si6JXunBDh:tthEVaPqLUNiyOPxaosPXuBDytC

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • Target

      1dc7d0f029aa044dcd3cd08ec2eb4c1cad19fe9a89b340c6183ff300c724e2af.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer with remote access tool (RAT) features; it harvests stored browser, mail and FTP client credentials and exfiltrates them over SMTP, FTP or HTTP, which is why the extracted config above contains an FTP account.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address; AgentTesla includes this value in the victim report it exfiltrates.

    • AutoIT Executable

      An AutoIt script compiled into a PE executable. Compiled AutoIt is a common wrapper/loader stage for AgentTesla payloads, so the packed script, not the final .NET stealer, is what arrives on disk.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is characteristic of process hollowing: a legitimate process is created suspended, its image is replaced with the payload, and the thread's entry point is redirected before it resumes.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.
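The extracted FTP config and the "looks up external IP" signature together describe AgentTesla's exfiltration pattern: query a public IP service, then push stolen data to the configured host. The following is an added example, not part of the sandbox report, that turns those two data points into a detection over flow-style logs. The log lines are constructed; their layout (epoch timestamp, source IP, destination IP, destination port, protocol, server name) is an assumed simplified export rather than any vendor's real format, the destination IPs are documentation ranges rather than real resolver answers, and the IP-lookup host list is an assumed starter set.

```python
"""Match flow-style log lines against the IOCs extracted from the AgentTesla
config in this report, and flag the lookup-then-exfil sequence per source.

Added example, not sandbox output. Log lines, field layout, destination IPs
and the IP-lookup host list are constructed/assumed for illustration."""
import re
from dataclasses import dataclass

# Values taken from the report's Extracted section.
C2_HOST = "ftp.elquijotebanquetes.com"
C2_PORT = 21

# Public external-IP services commonly queried before exfiltration
# (assumed starter list; extend from your own telemetry).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Assumed log layout: epoch_ts src_ip dst_ip dst_port proto server_name
LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<host>\S+)$"
)

# Constructed sample: host .15 looks up its IP and hits the C2 3 s later;
# host .22 does the same but 700 s apart.
SAMPLE_LOG = """\
1728467000 10.0.0.15 198.51.100.5 443 tcp api.ipify.org
1728467003 10.0.0.15 203.0.113.10 21 tcp ftp.elquijotebanquetes.com
1728467100 10.0.0.22 198.51.100.7 443 tcp www.example.com
1728467200 10.0.0.22 198.51.100.5 443 tcp api.ipify.org
1728467900 10.0.0.22 203.0.113.10 21 tcp ftp.elquijotebanquetes.com
"""


@dataclass
class Event:
    line_no: int
    ts: int
    src: str
    port: int
    host: str


def parse(text):
    """Parse log text into Events, skipping blank or malformed lines."""
    events = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(raw.strip())
        if m:
            events.append(Event(n, int(m["ts"]), m["src"], int(m["port"]),
                                m["host"].lower().rstrip(".")))
    return events


def classify(ev):
    """Tag one event against the report's IOCs, or return None."""
    if ev.host == C2_HOST and ev.port == C2_PORT:
        return "ftp-exfil-host"
    if ev.host in IP_LOOKUP_HOSTS:
        return "external-ip-lookup"
    return None


def scan(text, window=300):
    """Return per-line IOC hits plus the sources that contacted the C2 host
    within `window` seconds after an external-IP lookup."""
    hits = []
    last_lookup = {}   # src -> timestamp of most recent IP-lookup event
    sequenced = []
    for ev in parse(text):
        tag = classify(ev)
        if tag is None:
            continue
        hits.append((ev.line_no, tag))
        if tag == "external-ip-lookup":
            last_lookup[ev.src] = ev.ts
        elif ev.src in last_lookup and 0 <= ev.ts - last_lookup[ev.src] <= window:
            sequenced.append(ev.src)
    return {"hits": hits, "sequenced_sources": sequenced}


if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The single-event hits are the cheap signal and should alert on their own (any connection to the configured FTP host is worth a look). The sequence check is what distinguishes AgentTesla-style exfiltration from a user who merely visited an IP-lookup page; tune the window to how quickly the family is observed to exfiltrate in your environment.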

MITRE ATT&CK Enterprise v15

Tasks