General

  • Target

    78d2fb60645775efc2137c4f4dab8f737724f9936577f84fe3e3e01622e9770b.exe

  • Size

    547KB

  • Sample

    241217-dyh4waypd1

  • MD5

    6a3e64245750119d24753bd8d08d8d1a

  • SHA1

    5ce6779c0181ff371b64d8721d48bb42ecf9d171

  • SHA256

    78d2fb60645775efc2137c4f4dab8f737724f9936577f84fe3e3e01622e9770b

  • SHA512

    0e229446d5491194433bf3ed03927e70d10e6a2daf9171e8fc247dc2a5b9a7028c11a83b121e41a616dda89fb0300be910bf07e677071ad2aad2fdddcfe8bca8

  • SSDEEP

    12288:zquErHF6xC9D6DmR1J98w4oknqOOCyQfZu+v7h3X4RMa7VFY5R:Krl6kD68JmlotQfZrN3nag

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    -GN,s*KH{VEhPmo)+f

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks