Extracted

• • Target

    Notificacion.pdf (26K) Notificacion.pdf (26K) Notificacion.pdf (26K).exe

  • Size

    1005KB

  • MD5

    ca278d1f75ba838c94bbcd345efaeb2a

  • SHA1

    799d4a14d169577b093cd940af3665aa74cd6e96

  • SHA256

    d41958cd03f3b6a5d35bfffbe5ac6433df12e1219958e7a2e6e79ccfb8c9163f

  • SHA512

    a3ee4b8b74b2fd1c0baa4ec4deccf6caf3348e2a250b302d7d7d2f6dc896f490e81e58159a19df9fe0b6d82e291109f9df3be79d53c8b61e5260c40d120e5cb7

  • SSDEEP

    12288:3CdOy3vVrKxR5CXbNjAOxK/j2n+4YG/6c1mFFja3mXgcjfRlgsUBga8T5a2N8GdM:3Cdxte/80jYLT3U1jfsWaM5a2N85EpQ

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2