Extracted

• • Target

    Order 911799 - EM092722.exe

  • Size

    479KB

  • MD5

    705c1bddf0a01f9b7c32b5ede6e64ed1

  • SHA1

    43daf76d2701e02ca64d73a77c8de0c3d318c240

  • SHA256

    5b65bd3beffa01f08710d696c4011d321846c81ff8248e31ce9c4bc933a54d39

  • SHA512

    584c1243afd6df208878b9e2d6440018d52c1848c82fe938038d8f898e4b0ea2f9b478d22cc03230af0da34639a2b0a01de2f9d99492236527071a0e3f1cb130

  • SSDEEP

    12288:dL2Nnm0bT86Nlb2vbchfsC+mURes2nomyqGYt3FWzAh:dqlBb1mY+Qs2omyqGYt3FWzAh

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2