Extracted

• • Target

    7ee3a9afbaff41655fc0c37db9365aa25b3547ca1e728d02779c6214f8a67868

  • Size

    548KB

  • MD5

    ad8751d43980aa9ea13975c9d7262a4d

  • SHA1

    21f2bdedea7b043db2db96b7889eca6bafd99f51

  • SHA256

    7ee3a9afbaff41655fc0c37db9365aa25b3547ca1e728d02779c6214f8a67868

  • SHA512

    92be92e7f7b783a88a6eab6714dec4991f18aabec8eaf97391de61e98718399a985b63891d6d3623661a1e7194d98e9cc8f2114481d8305fd79d58a9582acb9c

  • SSDEEP

    12288:pYV6MorX7qzuC3QHO9FQVHPF51jgcyzkqCZVGmxXT5H4RH:eBXu9HGaVHUkHBn4H

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2