Extracted

• • Target

    d4719004280501b5675b81449dc5cd9ed62dec2b35910f5b2322826cae5227a8

  • Size

    768KB

  • MD5

    6e52d06cde9fbf957369659a4243faec

  • SHA1

    7a015e133cb8f1d156569c41bdac576665a4ab4f

  • SHA256

    d4719004280501b5675b81449dc5cd9ed62dec2b35910f5b2322826cae5227a8

  • SHA512

    2affdd8fdc5fbb60bd13d41121f5981ab25f19dce4a91cfac5fc9f84372ba6a416387aef62f14db0b15580561a9142c46153500c36b07b86408045bc214c248e

  • SSDEEP

    6144:H5w4OqX+PmmsFQKChgCGunyluH5D8zG1tseCx8GRdoNie:HRZTeYe

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2