Extracted

• • Target

    OC 44076345.exe

  • Size

    854KB

  • MD5

    5b68db27ab57cfa450f960280e792edf

  • SHA1

    4c2ca8ba152eb0ed559a7805308cc627d8b99249

  • SHA256

    1d5cb30274b49c42891b071d9ac806b4b24ab8a5b940decb7534ff4bde52ea5c

  • SHA512

    bc3c526bf61f942582d285d49f61bf37a6bc444c086d45dbf745b0830ab945324e13e81552dc2201cfeb82b54bb457a848e10a4579580e3a598cdde26a1b5c43

  • SSDEEP

    24576:OthEVaPqLrINApV8RhDd7gzSedjwoVvakS7:WEVUcJpeRhDdEWezvaj

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2