Extracted

• • Target

    Orden 548850-30-AG24.exe

  • Size

    983KB

  • MD5

    a79b9aaaa383bfde29d24a1f4e139c0d

  • SHA1

    1cc0fb4303de74ad0561053f274eaee0819805da

  • SHA256

    33f6b0c267f7fbbe29ef7999ef91a518f06411e6270efcef44623c2e8c3ba66e

  • SHA512

    b268d32574fb05cac2b7b4c6c648c8455d2c13a4d025f1aeecbcffceca50f14581960b1a87aec905cc5e316d69ea08073363f9ad7f83c66b67bba9f8538c2423

  • SSDEEP

    24576:Iq5TfcdHj4fmbY6Z9qwIWVyaad8a6VQC+eHh3M/Bv:IUTsamc6Z9oRya6VQC+oh3M/B

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2