Extracted

• • Target

    e2aad65f21f0274456ebdc45549a3a93f531a769e3b6e69e6d66ab3c2388e2a4

  • Size

    2.4MB

  • MD5

    3241d74f43e1bcd2fd46948b6d610cf1

  • SHA1

    89e3326150b58ad23091a159fe8292bcf7c629a5

  • SHA256

    e2aad65f21f0274456ebdc45549a3a93f531a769e3b6e69e6d66ab3c2388e2a4

  • SHA512

    df886300926881264021427926cdfcf5841ae9ebc641bf9d4ed38eab2f5d6d5240375f7341ced6754585ea721c3e3888d9f67fccde5e4d2e75c23a6f6b2e489e

  • SSDEEP

    49152:23ASbdYAm4zEbdYAm4zWbdYAm4z23Ag3AWbdYAm4zSbdYAm4zO3A+jjtb:kA4drWdr0drkASA0dr4dr8AU9

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2