Extracted

• • Target

    PO.exe

  • Size

    1.3MB

  • MD5

    911cfe476937e7f4aad553bc0814e802

  • SHA1

    0e8b839716a75991db3f26c5c768059f1aaff27e

  • SHA256

    b65f542c74ced21ba853b4840f0cfad311027e518b1c3925bd530a2da424293c

  • SHA512

    024749dbe0672625ced0f2e9b2039ba20d4b6f9ef4d5342678773b309e340f93769f081962fece7b2eed4774b0e1869801e0e773a353949c073a89b1d28da1ad

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2