Extracted

• • Target

    SecuriteInfo.com.Win32.DropperX-gen.15213.5384.exe

  • Size

    107KB

  • MD5

    5722ebe4439818c5bfe90b4bb6db4cb2

  • SHA1

    30482cee4fd0b59904311effa01b9b7ed7094892

  • SHA256

    dd7ace63ca3c3c6c8fad312a3b8fd2d022364bfd04228e511aa6e72d28c00e5e

  • SHA512

    f281f55ea30778b79f8aae6435ae787b538e071113e8ba0f6e4dbcb8c332b0c3a414a1648b9c26d64fd8ba6b7cf867367c43851337bfb0091ff675f7f171fb05

  • SSDEEP

    3072:YIcgv0klbLsuZ+cBtLafVDvZsF7d0zA2MdU:YIcgvtlb7+AtLafVNsFJB2s

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2