Extracted

• • Target

    COTIZACIÓN2025-003709.exe

  • Size

    547KB

  • MD5

    acb06788c73e433473a545fe83823023

  • SHA1

    4f5f29eea50f6c4b1ad966af8d0761857d3cdc95

  • SHA256

    e6ca722fb31f1c9f6db25e77b2661ffddc55d8a3a4ce2ef3be7f6c65523d7554

  • SHA512

    127f0302e2eac5d725337d22a520b35b92c821673b26f5be941eca165c41660bfefa542e0b50c5d1d582ba90d1c0c7774ee268b9f64e86df28b160a7d6ae659b

  • SSDEEP

    12288:XozGdX0M4ornOmZIzfMwHHQmRROXKWXUmd1Ph2TIoOCJRw63kLRgdbihJ:X4GHnhIzOaWXU0F4OiRPkN8cJ

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2