Extracted

• • Target

    34ad8ca9281e95d86ea3623952c97f1e6c39b59e39173cd8a2d35ca65de911b7

  • Size

    656KB

  • MD5

    44f8a8547df6ac0b74cd909c04005b3d

  • SHA1

    acb809bfe0c03ed0d4008c1dab7e76f71a8dc775

  • SHA256

    34ad8ca9281e95d86ea3623952c97f1e6c39b59e39173cd8a2d35ca65de911b7

  • SHA512

    5a33921b8f6adc41e31f22365e2ef472853ab5c72725c251ca2b7710ed4478a97f0c5199e55d010903f0ebd0adfae65caf544635f8c4fd5c143b83bbd60661ec

  • SSDEEP

    12288:uOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitNgsETqitmiFRooFwYtffkbrkV0Z:uq5TfcdHj4fmbENgsETqiZFOYtUbAyZ

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2