Extracted

• • Target

    f07180fb3406d5866128884c944ffdf7f38f94eaadea511df7de04893da103a9

  • Size

    1.4MB

  • MD5

    4a9e88b189826ab34eb966b269aa2847

  • SHA1

    a033b956cc2d9d524c69a64a4419d00e089acdf5

  • SHA256

    f07180fb3406d5866128884c944ffdf7f38f94eaadea511df7de04893da103a9

  • SHA512

    6d5cf91397921b78b563f2b0e6e1ab5538f6f78dafc0c8fa11ee8be075e7c9fe55afcdcdcb508c2c4a28e95b4cc0c4ac326ccff30db3b921bd4fad682a748bc1

  • SSDEEP

    24576:vB6L/l3gze50ACeq2QZ0eShtTwXcbku8wy0TK2b/hB1W8FazyJQ:stN0uqZ6DtTwQLnBcDz

  Score

  10^/10

  agentteslacollectiondiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2