Extracted

• • Target

    Comprobante_swift_9767864574756346523546576ds8977564534253465789.exe

  • Size

    1.0MB

  • MD5

    44540fed4d01394f0b4af89a372f8e08

  • SHA1

    a97259381e49377b7306b37b3c3d67950a9c1639

  • SHA256

    95ee92373414af760fdf7f450b166853a7ddb7e071991f86397cae1a278618f4

  • SHA512

    051e2d4a21d17c476608c42f877b6ee6daa9f41b6fa83ad08863a85528f1c68631fff85bc70950b66a27f1055d31c47f3fe010d28c7af45eaf8c251838a4e594

  • SSDEEP

    12288:PCdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBgaJTHl9nX7AS:PCdxte/80jYLT3U1jfsWaNkRuiSUQ

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2