Extracted

• • Target

    IMG_1050327.exe

  • Size

    67KB

  • MD5

    e45056752a5f559a66abc1f765090c9e

  • SHA1

    74274710275f8b155e9d5c2e8b4ba501103f12da

  • SHA256

    ee706a6a19c17a2ac333e1234dc449e850eaf2b6180489060e45527ed6d43bd1

  • SHA512

    63c1ddcfbb1b2a80f0b66df4d9d35e91381010e3d50816e64c1e45fd3ede65efa1d8231a6ae757ab025123eb5db2514de5afff73ba871a11674625d96067be77

  • SSDEEP

    1536:BxZEDve8odoLHsUAGwVJFrsGd5ZhkoDcP03iInv/mq:B4DtodoLMUAGYJFrsAHcc3rnv/1

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2