Extracted

• • Target

    d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

  • Size

    492KB

  • MD5

    09e1a3c55cbb5301bd7fd0999cc4258b

  • SHA1

    2cd3da7a201961bf063246579b11fcbad5774994

  • SHA256

    d325d9ecd5d7b1e7871de63f0807aa53457f82985845a9a6a4e45c0102a9fa69

  • SHA512

    1b8021949803303619b91964551a72d986ac703c36c1db336c636cf529e8cf26a4161c1f382f27f33ca7675e8f9667dc4c6b0670c50d824d37083dbbadcdcbe8

  • SSDEEP

    12288:g/64ce865hvybcRrJz2nHp31swuzv8LUpIvn:gpce865U4Rtk11s1T8D/

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2