Extracted

• • Target

    674169e1125782c535359c827c3cb8da2761b204200e3a477cd4fb3c4d66ff11

  • Size

    1.3MB

  • MD5

    f398b1e1cf789f7a01929d158a198f5d

  • SHA1

    846543ae8ed796310b8f8d16409680886fa65e95

  • SHA256

    674169e1125782c535359c827c3cb8da2761b204200e3a477cd4fb3c4d66ff11

  • SHA512

    d5876f04c85f4546bc8a7bc415eb8b9cdc2f9c4ed2102f77e501ea164a02a7f44de2112a45240508be0c266bc23a8c17bf32a6bf082de3dfa8389b0613724ba7

  • SSDEEP

    24576:Dtb20pkaCqT5TBWgNQ7aLF6wV/Cqd9XniJs3L6A:AVg5tQ7aLF6W/L7nYs75

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2