Extracted

• • Target

    QUOTE #21440170.exe

  • Size

    689KB

  • MD5

    6f20bdc25100357d2696eb7b48f6fb18

  • SHA1

    b6bdd55fe0b158ac6073001270188441feab9ad4

  • SHA256

    4024305f22679e7580e906744bba5ad9193fbe444c9b30b24845f135886a3c86

  • SHA512

    ffb1df83d229f917e90368d6c406b73dc020ada95386d2ba109f4c712964cbf7e9e275a5ed45fb32c1d467bde119f00672f2a9ef4cda8bcfd23591c089952d58

  • SSDEEP

    12288:lro7WxISxii8tnmH8FHLMMUAi9gC9ymc1pBWMm:l3xIYirtnW8FHM/9LB6M

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2