Extracted

• • Target

    DHL OVERDUE LETTER.exe

  • Size

    7KB

  • MD5

    6a0a9e6e1d0d18b353682868231719dc

  • SHA1

    388db5c1eb3474699a4a2c98716da0537e3fc4db

  • SHA256

    b3be1fe7098ff321491612d574fa9b51205e823f9883abe7f234aaa39f0a32bd

  • SHA512

    3578c62b1584ab16573d977fa94bb353b373c6307441a0a7ce31d6c15e67f609a42535a7f667f504f8b95d44031f4a953ab3594b0a127422719c3843342c4d91

  • SSDEEP

    96:3cVIpfDNi//Q8iQM3G4L9VDjXzKDFC9YRzNt:4Ipf0//Q8iQM3G4LznX+Lz

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2