Extracted

• • Target

    Quotation Order #3344#. Inquiry for the Quotation.exe

  • Size

    537KB

  • MD5

    e9b2b9f88a84f5dbb4b9a846d003a628

  • SHA1

    d27e07c291c15ec3178b8d743dc76dbbf8d15380

  • SHA256

    991b777e3fac0e7150a7b0b9344aee001911ba43685a7d1f9b11d56e951c3732

  • SHA512

    c7316e37c50824251068b48d2900442ef5a1e4cb4023aad5320c3d996deb8fd1e9a8f43b82a5f59e10d98d9c56022c00f61cc7e73540874d9e898043ebcde3e3

  • SSDEEP

    12288:6ozGdX0M4ornOmZIzfMwHHQmRROXKWOE1VXJsJEWg:64GHnhIzOaWFVPx

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2