Extracted

• • Target

    Purchase Orders.exe

  • Size

    835KB

  • MD5

    986d201be0de714e6e89fdb89af8f172

  • SHA1

    95f4ffc07db4709c9d148273320cee228fbf088a

  • SHA256

    968be89e91c52db13b473bf5894e1b11de82551176fff293d752e388f7e83175

  • SHA512

    e6899b74da72a831f6f9a72e3b489f5b121c85590f73d1cc5112d34256161c3be208bc7d68a900e853365561c3bcbdc2d367b1b8231735ef107920701b14a33b

  • SSDEEP

    12288:IWuFITqcSpFKgLIvGTU5YakRORcm4Y2JGAfmjobA2r:MFnc4FtLIKakRDVhug

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollectionpersistence

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2