Extracted

• • Target

    24020238 RVOOIN-16-0077.exe

  • Size

    221KB

  • MD5

    1b609ec45815de8ae1b665dfa9f374d8

  • SHA1

    086ad42a52b239902e0205d8399a3265dacdc970

  • SHA256

    e1d5abc7c22da2d3def88a5118efc2f1c6349549654dec4d65ad477218244420

  • SHA512

    d0480f7162e8293b355e8c0a08bddf8bc3a040677bb3546639f69f4d86eeee09fce767738d281ea0acf1e8ed058771e0090db03411c3041b7b567996f77547f9

  • SSDEEP

    6144:BmANehKKjF+cuM/GM8I0nbu7hWEECv4r+ViK:BmANehKo+cuM/GMsnbuoEECv8

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2