Extracted

• • Target

    a47b0a1c00799396c4b7b3df67dde47e2518c0657d634333f5c5c3e4cb6f7662

  • Size

    860KB

  • MD5

    4eca898bf9412c9bdad5c4f648c42edb

  • SHA1

    b9992977ecb115e8469a752398c3bf2f520c50a2

  • SHA256

    a47b0a1c00799396c4b7b3df67dde47e2518c0657d634333f5c5c3e4cb6f7662

  • SHA512

    d881ca213a5763f0cd55f8479ded38658d39002431427b3ae0359bc72131b3d3840f75c10fe620213144a0ecdfd3f2e17fd3acca6cd665b8e097587e1bc32de3

  • SSDEEP

    24576:/RmJkcoQricOIQxiZY1WNy7RxKdCij1IN:UJZoQrbTFZY1WNyCC21IN

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2