Extracted

• • Target

    SME940805NE7_Orden de compra_2866_20250117.exe

  • Size

    1.0MB

  • MD5

    e7a41d3a6376d834e88548ca8e2d5187

  • SHA1

    0ac56ad806f92ad780ff4e64e8610b102944aabe

  • SHA256

    72c492c3198f103c677df4abbbfcfc96a3f43126d9f8ef6426cd74e879405524

  • SHA512

    20e18f647a2e227b4c44a564037f744de3b6d6b4c2a9ef0a983f74451e1e9f564334ee4ecdaefa981bcb1a1cf911e2260ea15a65c13140188ee2bc7bfb27757b

  • SSDEEP

    12288:1CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaOTeV0tHJKF:1Cdxte/80jYLT3U1jfsWa2eVLTLL+Q

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2