Extracted

• • Target

    transferencia_BBVA_97866456345354678976543425678.exe

  • Size

    858KB

  • MD5

    5625cbf471e51e71ede214a1236ca612

  • SHA1

    d07a68d0d95ad9855d096e3e8ea680e31afd7e7f

  • SHA256

    e5b6cda78a342ea9f8f9f62853995a251ef13ce90dbd18a80195f460852a94e6

  • SHA512

    2fe51828e092723dad0add4601c01279478c34af3cdee530bc03005ef912e8e438b584b45cbdb7b6682d4a14b801267835f65f4b4b1edf477093fbf11ea4d090

  • SSDEEP

    24576:5iUmSB/o5d1ubcvi0X6qMhXRqOyzrNMZBZT:5/mU/ohubcvi9xXk1zpMZB

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2