Extracted

• • Target

    OC C6 2400116.exe

  • Size

    935KB

  • MD5

    a1fde113a1cc308535ac79c7bc7c8290

  • SHA1

    695ae6590d774693f233e85ffc5987a14af45922

  • SHA256

    765ace8a65fcb85916ba933317a10f3814d54c94e93c9a36334c6f7f21c0485b

  • SHA512

    6f1f7955b162e9f0af1327a0754aa6c5ed7e1d126e221221a03117629deebd2634e2fc319bf54c83f8ab801218d306f737a65e4a526fbf436b46e60cccf5e3b2

  • SSDEEP

    24576:IRmJkcoQricOIQxiZY1ianqPlJPXYHhGq8+L4:tJZoQrbTFZY1iaqPlJQHkqlM

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2