Extracted

• • Target

    59abc4a713c88e3ea82a5375c1e0afa6a652a3531bd1586201da2004b916d33b

  • Size

    1.0MB

  • MD5

    b5ecf3e4d18b103ac8a48f1e11eb6f2e

  • SHA1

    8a7b26236f30b5b6d7185271931225b40aeb9b63

  • SHA256

    59abc4a713c88e3ea82a5375c1e0afa6a652a3531bd1586201da2004b916d33b

  • SHA512

    b03e9d97bd3f254ae877dedcf3932df8286278ec182b8555446a57021d82ba5a51123a4a1207d046a399c0d39f2459a62b9086eae58000f48ed881bf327e8117

  • SSDEEP

    24576:Xu6J33O0c+JY5UZ+XC0kGso6Fap0nedG3Wm5sokWY:xu0c++OCvkGs9Fap0WG5WOY

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2