Extracted

• • Target

    bank copy.exe

  • Size

    719KB

  • MD5

    ff4026a77a99a313617c3c340d3df719

  • SHA1

    bcc53aa8607277724e62361991b0be371f074ca9

  • SHA256

    642313658b6a4952937dedb17038b00228c6ccfe6f8c4c4f478c7319e6071973

  • SHA512

    aa8f9231377f98772b8ebedfc88f2864ceca2c1fa2fae883404672afa97fcc8cae7da7f00e8a6ca6fc8cb1d0ec609da2bed3b6b38a6a152d36a2271da0b76140

  • SSDEEP

    12288:4MxXmahZxYbxWtlrYUeAzV3bbAsdsQ0SK7m7K4sHgcpCYrNZyl:7x3pwxmlrHdhs97cICQZ0

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2