Extracted

• • Target

    HGJ7688.exe

  • Size

    1.6MB

  • MD5

    3e41f9112dbf536b22fe43f5da1e4255

  • SHA1

    8dd5d8ad791103f1bb68ef16f7553066d6235569

  • SHA256

    1627a54d0ecbd6b1a92755383488e7f50f0311f8fbbad850db051d1e80f54be6

  • SHA512

    688b76288f58182796d53510c5632af5113b447406e64b79e953db94eee031b9e8f0aec64e4549a9a572fd3d0bed231fbf8d86aec0b801111c7b8f6e1d14ce92

  • SSDEEP

    24576:c8u/Vjs+4S+/3qlrCNoh+UagIwhCNoh+JR9FrIJJpCNoh+7qy4/fGVhVqNqIjjuB:c8u/VQZ/iJO2URoGqhGJqNqlInut

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2