Extracted

• • Target

    INVOICE NO. USF23-24072 IGR23110.exe

  • Size

    856KB

  • MD5

    ee5297834a12117e086f4058579eeaae

  • SHA1

    58cf7e7768ac9f4523512a0478dcfdad02ed8bae

  • SHA256

    e6b1ed4a7622c05fc9ed9926fd1c8ccc18678d1100e8e59830f4734e95392d3e

  • SHA512

    0165b7816fef0685dfe1add30285f4813d8624304dc3e7ed1519a6b3943183e5670156bc2e19c6868690cbdfca1b28c635bfd86fa1350602fb0601bbac29c243

  • SSDEEP

    24576:qFPoZUtK4G0vhaOGuKKVDOUbKqNlT9CtH:/W00v8OIqNlu

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2