Extracted

• • Target

    ee1fa2339cd9e8abb1b7a19f92d9e1f66e174cb8a280614e3162160a2b927bf3

  • Size

    76.0MB

  • MD5

    b1b54b694a9df20a81213a8d00577966

  • SHA1

    a4e977867bc7e3d61e37590a9c4d00e61ce75bb1

  • SHA256

    ee1fa2339cd9e8abb1b7a19f92d9e1f66e174cb8a280614e3162160a2b927bf3

  • SHA512

    4fbf93dd1ccf14748fff93cfde716f68da255d5cc91b917dacf58dbba1abfb9b599ac97a96bac8679e09638e0b4cbfed3f8a0427360c5ff8dc21ae9a839c8c5a

  • SSDEEP

    24576:Qtb20pkaCqT5TBWgNQ7aSCk+Zt8OR1pLSfvp6A:ZVg5tQ7aS+7lfRSp5

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2