Extracted

• • Target

    90571c5bfc6377e73e86925d14ca0bbba8a2208b6166adab282c1456cf82d8af.exe

  • Size

    914KB

  • MD5

    0379c25c0cd58d4243823b136b8e5f99

  • SHA1

    352ac1d090044e7ff739b6b7182491c36e97a82a

  • SHA256

    90571c5bfc6377e73e86925d14ca0bbba8a2208b6166adab282c1456cf82d8af

  • SHA512

    f5d8d2851f857e36abef7564aa8e7e69f753972ea19c0744c18cdce555725f36bd6cd70194572e5d0137da4b492962ed08c4c0d98b4d408c7f1f9097934beeef

  • SSDEEP

    24576:Z8NwSIOU6QJKm4+a1qalQdvf6mNdxFLNxwZpzjU:aySO67Pqa4vd+pzA

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2