Extracted

• • Target

    Ordine n°24-00980.exe

  • Size

    588KB

  • MD5

    109d45c3b8f2be7efd8a1c72b58a7219

  • SHA1

    1ac06fdb16045dd3f2654b9e610fcf8abf53cff1

  • SHA256

    bc8c295e4538bde3e11a4a7604107998fc0b473cc7685462886fc97fbcd9d454

  • SHA512

    4a71e436ef8a4e19f7db733003b001026ca4333a6d558cad41ddac25d29bb452e5dc6f6526f330f8b0665b9d1c95cdef2258fd50a89f0167e6a9f61569081861

  • SSDEEP

    12288:JbcDSPWvpV5m057P2mqPCt15Zncw03El3183jbU2P:e2PWvpVk+2wdle3/U2P

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2