Extracted

• • Target

    bacc08d25aedfdf5da8c59f2e5b78ba5d8a3adc8ab533044254a540b7ff57ef3

  • Size

    1.3MB

  • MD5

    607a057798a21c34121f7f92c61f029e

  • SHA1

    32972244e217a749728d7299bf080eb5690a85b0

  • SHA256

    bacc08d25aedfdf5da8c59f2e5b78ba5d8a3adc8ab533044254a540b7ff57ef3

  • SHA512

    7df34b188792e9b437bb6f3bff9cb05cd6f5bd6888ce63618b40673cb73c77154f8c2c3a28dc8d8dbb5f8484a4dbafb577661dd449d1f98cddda2bd5271129df

  • SSDEEP

    24576:S5EmXFtKaL4/oFe5T9yyXYfP1ijXdaWaLc0mzIvd61XxD8oibXsZ:SPVt/LZeJbInQRaWIm8vd6cdX

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2