General

  • Target

    b2ed6a968a12c915ec5ee2ff4b53d79fb2ec8a7a33a4c630e6ad4af86cb5c23e

  • Size

    487KB

  • Sample

    241221-bn6fbaymfz

  • MD5

    1981628b46d35395a53df3ebc0f5f50f

  • SHA1

    4d72a38820d511705bd27607dabab10ec110b702

  • SHA256

    b2ed6a968a12c915ec5ee2ff4b53d79fb2ec8a7a33a4c630e6ad4af86cb5c23e

  • SHA512

    2da0eb033038ee0d2584af277be48b701c70b30431a26bbb4902e5897985bfd3815d84a5f53274723c921f0cfd172eeacd0b5e2dd690c47f602e1f7ac8f3d283

  • SSDEEP

    12288:HdA7T9eILVu57Yahlh4R3lmTBENGPjPZ3hqMsPf8zja+TAX1xJ+rjDa7WcN6GLYv:uTBEuYvTY

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks