Extracted

• • Target

    SecuriteInfo.com.Win32.CrypterX-gen.2687.24925.exe

  • Size

    1.1MB

  • MD5

    d7d8b4814ef189a5038a0c72d3db507a

  • SHA1

    a4857611f1da196593a390ad9cfce380399ffc8f

  • SHA256

    db802f34784957d3338aeb17fa23e3206d00dba3c5874e9bdfae25edb0691dda

  • SHA512

    5d33a48b4adef572c06144821716cef3bee3e8b7affcac66c3cec65ae1778f4b64f5bfd188d0c63022ae21a36e139f03d8ff19e3a2f8a5d1ba833f22309e9077

  • SSDEEP

    24576:8s82gTbQXfAgN2T5Oma9p1DqOkmdq0asUSzDfO/1yHas8k:oOmnOkKasUSaf

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2