Extracted

• • Target

    Confirmación transferencia interbancaria.exe

  • Size

    539KB

  • MD5

    be37ea5702226bf6ed17a5031c2d75d0

  • SHA1

    c398fd238eb4c706ea7aff5c24cc0eaf93bcf077

  • SHA256

    7dd88bb379949c90207a5d476d7318ba98ccb6cb7853409c6d323febd28d318d

  • SHA512

    dbccef3070c62d1fa2fad4f81e1a8cf8d8a86e3a3e4b81a7dffa928110f7d2f1dc426141c28a52be70a0beaaed1d9d8cfc0079294fc85b06089d0c5e584e8906

  • SSDEEP

    12288:LquErHF6xC9D6DmR1J98w4oknqOOCyQfDp0ZOJovZNf9t7:Srl6kD68JmlotQfaZz7f7

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2