Extracted

• • Target

    bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

  • Size

    658KB

  • MD5

    6348941741d25ad4a6210eff2087c178

  • SHA1

    d6f946c15298cc3942486cc8f703e50c3f621335

  • SHA256

    bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e

  • SHA512

    fad70434447abde63105ca1f7c6b366a4f952eae1a6994b0adcdef750ac55cc88cd39d4ee0ee760e6caec0cb3b7f2f159f1866e277c139fa6c2771b9c960e3aa

  • SSDEEP

    12288:sOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitC1xWV/ugVkH5P3h8pLBM:sq5TfcdHj4fmbEC10/LT5a

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2