General

  • Target

    372ef724cb2ba60abccfa7f0ac12e571059a3b28620a54a97a163a9b5a7205f8.exe

  • Size

    1.1MB

  • Sample

    250227-c4pceasnz3

  • MD5

    bc156f46d50fdebb471a0a3daf71ead0

  • SHA1

    bc1ab193c169b194af205a3215da6385f2e0dc0b

  • SHA256

    372ef724cb2ba60abccfa7f0ac12e571059a3b28620a54a97a163a9b5a7205f8

  • SHA512

    f6a8b48ab987bf0f25e8747361a309566a40b3b6f1afbf6e459099efd48dd673603941c66025924aeda64ec95f6b093c941fd75719310328ca691e2682849d48

  • SSDEEP

    24576:L9diHWuYeyoQlSKsh2aCGGoEiFN38cyc4vITabo:L9diHfYez3hG0NKHrbo

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in VB.NET. It harvests credentials from browsers, mail and FTP clients, logs keystrokes and clipboard contents, and exfiltrates the data over SMTP, FTP, Telegram or HTTP.

    • Agenttesla family

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops startup file

    • Looks up external IP address via web service

      The sample queries a legitimate public IP-lookup web service to learn the infected host's external IP address; Agent Tesla includes this value in the victim reports it exfiltrates. Because the request goes to a benign site, the indicator is the requesting process or user agent, not the destination alone.

    • Suspicious use of SetThreadContext
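The "Looks up external IP address via web service" signature above is a useful hunting pivot in proxy or web-filter logs, since the lookup itself is benign and will not be blocked. The script below is an added example, not part of the sandbox report: it scans a handful of constructed proxy log lines (timestamp, client, method, URL, status, quoted user agent) and flags requests to public IP-lookup services that were not made by an interactive browser. The hostname list and the log format are assumptions for the example; the report does not name the service this sample contacted.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Public "what is my IP" services. This list is an assumption for the example
# (the report above does not say which service the sample used); extend it
# from your own telemetry.
IP_LOOKUP_HOSTS = {
    "api.ipify.org",
    "checkip.dyndns.org",
    "checkip.amazonaws.com",
    "ipinfo.io",
    "icanhazip.com",
    "ifconfig.me",
}

# Markers of an interactive browser user agent. A person checking their IP in
# a browser is normal; an empty or non-browser agent hitting these hosts is
# what a .NET stealer's WebClient/HttpWebRequest call typically looks like.
BROWSER_UA_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Edg/", "Firefox/")

# Assumed log format: ts client METHOD url status "user agent"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "
    r"(?P<status>\d{3}) \"(?P<ua>[^\"]*)\"$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    client: str
    host: str
    user_agent: str


def scan_proxy_log(lines):
    """Return an Alert for every non-browser request to an IP-lookup host.

    Malformed lines are skipped rather than raising, so the scanner can run
    over a raw log file without pre-cleaning.
    """
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        host = urlparse(m["url"]).hostname
        if host is None or host.lower() not in IP_LOOKUP_HOSTS:
            continue
        ua = m["ua"]
        if any(marker in ua for marker in BROWSER_UA_MARKERS):
            continue
        alerts.append(Alert(m["ts"], m["client"], host.lower(), ua))
    return alerts


def clients_with_lookups(alerts):
    """Map each client address to the set of lookup hosts it contacted."""
    by_client = {}
    for a in alerts:
        by_client.setdefault(a.client, set()).add(a.host)
    return by_client


# Constructed sample log lines for the example (not real telemetry).
SAMPLE_LOG = [
    # empty user agent: .NET WebClient sends none by default
    '2025-02-27T03:04:11Z 10.0.0.15 GET http://checkip.dyndns.org/ 200 ""',
    # a person checking their IP in a browser: ignored
    '2025-02-27T03:04:12Z 10.0.0.22 GET https://api.ipify.org/ 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0"',
    # ordinary traffic from the same suspicious client: ignored
    '2025-02-27T03:05:40Z 10.0.0.15 GET https://www.example.com/ 200 ""',
    # scripted lookup with a non-browser agent: flagged for review
    '2025-02-27T03:06:02Z 10.0.0.31 GET http://icanhazip.com/ 200 "curl/8.5.0"',
    # malformed line: skipped
    "garbage that does not parse",
]

if __name__ == "__main__":
    for alert in scan_proxy_log(SAMPLE_LOG):
        print(f"{alert.ts} {alert.client} -> {alert.host} ua={alert.user_agent!r}")
```

Run it over the two flagged clients above and a real log, then join the hits against process creation events (the parent-process and SetThreadContext signatures in this report) to separate a stealer's first beacon from an administrator running curl.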

MITRE ATT&CK Enterprise v15

Tasks