Extracted

Extracted

• • Target

    SwfiMessageMt103 $45,000_doc.exe

  • Size

    1.2MB

  • MD5

    476fb4775f14d9b1befa243e8e4bad0d

  • SHA1

    7d1e24761ac41f3b8df68ec151b2954933923d58

  • SHA256

    bb51d12b27aa47453f879e2ade5058f7c08c3db72915bbf74f3d925a1a4c6ff9

  • SHA512

    bd5afca9c7986f3e09918d1bd5c67841d63e23174f0f3eba5d426810d586eaeb415f799e4208272eb2701b720943614623d99a8d0e4f12bca1166a4d0e5bdf64

  • SSDEEP

    12288:AA94yYOoodIG7eVS7xFNJF/+KTCBktSMdPWsLlUqFU/3JrjWfeiu2cJinAYixFsO:7yyYAdIktBZn2Bkf8S43JrSbYsqe94l

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2