Extracted

• • Target

    Pedido_2523068.exe

  • Size

    593KB

  • MD5

    bbc3b8387f2843611823c1ae3870533d

  • SHA1

    d9608eb4ba75cbf170dcd46cb13b0ffd73e010f5

  • SHA256

    ac55de5007190509ac37a6bafde72251a95fab454e879f3e1d40e28de4f04c98

  • SHA512

    6d55eedc83c14803fd0cc90ddd17e7cf72686f832e04755b85d563131a528a1ca448b860240e437fecf644e93e1172f9eb9c87c734c0be27388310b8ac41a25a

  • SSDEEP

    6144:szbuKYCUKwax9oK5TBH/hGmAB227vd0B7ljrdJVmbTsOJhL9DYRobcmH8puz:szbuK+u9BAVmvd2bTxLBYRoBz

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2