Extracted

• • Target

    2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a

  • Size

    1KB

  • MD5

    0a03773457f7513861c5afa028f5f5d1

  • SHA1

    d4797df5db25241ea55e6c3926610b146dbb24c1

  • SHA256

    2751cfc23b245638cab026862d10e575c537c13644696556274f7114c758840a

  • SHA512

    44a33cf835fc3188c96f220054769b00d895f8e188b118534d6d78236a25f51862d94cfab9a0705abdb7ba8d8630f4739951d51c1b8c1e59d8ffbce78b025b8c

  Score

  10^/10

  executionagenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2