General

  • Target

    statement of accounts.exe

  • Size

    823KB

  • Sample

    230208-1aqv5sga4x

  • MD5

    9c30d0c7e1a93c6b102c00e8921a974a

  • SHA1

    612db60d42c16a5710b1c992d586601dc64abb91

  • SHA256

    97510781022a321a48583288da5c06aaf7492d673e6c37c34133e04a74485503

  • SHA512

    d3108b2ddfed7e2299f6b1fb72fe074e9ed84ccd935381d87669b88b2b6584aa1d97a62921c31bfd2cb24c648b5b1be80fe9efbc6fe67f8fff0003c9765a7bac

  • SSDEEP

    12288:+E/hefqqG4yPaKGGSKe4chCirn8MsNspUZM25F4vnKajJ06Fy2Mxzo3:1eiqG4yPaL3d2xnspUbyrJ06F0xM

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      statement of accounts.exe

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks