Extracted

• • Target

    eac7ca59f3b380ab48d1c46400c910b783d98aa99e536f7dcf8115a7d240807f

  • Size

    771KB

  • MD5

    6de815a10400800fc5cab138318fe07a

  • SHA1

    c14b5f38c05397d9171033fe40db5e71ab5825ac

  • SHA256

    eac7ca59f3b380ab48d1c46400c910b783d98aa99e536f7dcf8115a7d240807f

  • SHA512

    b2dc2321b18c4b639824f9d43a9e74adf8dfceba101d1554fb87b200748deb5a1c8934477e75ad70cf4018dd31af779033fdb8a15ce934bb57aa4b2030b0ede6

  • SSDEEP

    12288:v6Wq4aaE6KwyF5L0Y2D1PqLERO6KZRF6zWgdsWfw3YG4tsasr9MEgXlkQhjlXNyV:tthEVaPqLthMwDcf5VkQdlXNfO

  Score

  10^/10

  discoveryupxagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Drops startup file

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2