Extracted

• • Target

    facturas vencidas, 3445650098, 0099, 00976, 009668, 009678, 0056598433.exe

  • Size

    551KB

  • MD5

    1fd2a122f365f699c69d0766b8ceab1e

  • SHA1

    5c52d1db9d4b5881f5abf337b63720acddcaaff4

  • SHA256

    6aa9264537be17d166a1a5216f8efffb0c674f8ca6cdc15996c12da7c6ca33bd

  • SHA512

    0754447c235d16becb5cfe115d637176f9aa7d79ae65862dda9cbeeaf90095833a4348de2061733126448b812ba85851d4066ef918525815f728a5ccf5c5fe5b

  • SSDEEP

    12288:/quErHF6xC9D6DmR1J98w4oknqOOCyQfnVP3gH4ssNlmqO2lyMgIVFY57:Grl6kD68JmlotQfVvY4dFO2y

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2