Extracted

• • Target

    Sigmanly_809767aab51beef5e228607daf87e53a03d96b5ca11d31d1ea21f78fbe07b8df

  • Size

    1.0MB

  • MD5

    11859bcb5a4f2da18932f19a39f71b88

  • SHA1

    e141ec8206896ff4f945438052cc1ad0dc828b4d

  • SHA256

    809767aab51beef5e228607daf87e53a03d96b5ca11d31d1ea21f78fbe07b8df

  • SHA512

    b00e92436742ae2c8008763aff1ff3b0f1ff0a7f9fb2e573141908281f864f33348b14c1206f9743a66e62d5efea006b23656e0893eae18cedc286b4178176b9

  • SSDEEP

    24576:uu6J33O0c+JY5UZ+XC0kGso6FaYUbrRHSE2B1eNMWY:gu0c++OCvkGs9FaYA9g6Y

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2