Extracted

• • Target

    QUOTATION#231984.exe

  • Size

    1.7MB

  • MD5

    319307604d727fd2caeac236cb968b27

  • SHA1

    c0723f45066f65812092eb768f994bbea5683085

  • SHA256

    78d2c30f07aacb40da92c21af1dc660a690074ee35da707c81d06d146c631a28

  • SHA512

    d2e80e344da7129079018f853e70dc26ac5080e79c5cd437cd3d5dca8c9c8617a691fcd97bd1def266edde2de22cbfa4cccd6350dbb5ebdec9654a06783b222e

  • SSDEEP

    24576:CFJvj8ZE/OK1yhYcp/2111VD+7AB7L+KgyrrrrPrF0BMnlE6AE6nnjqKoep:C/qE/OEGh4ykODyFBnK6ejqKoep

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2