Extracted

• • Target

    Pagamento BPER Banca _Swift_copy.bat

  • Size

    18KB

  • MD5

    c5338abfdd743b2d233198612c70437f

  • SHA1

    eaf6bcc0f25b65400fe7558ec8113ecc0052134f

  • SHA256

    9aea4a9e347ff1400444bd839ba7a573a5836d9133b5f2986662d847bdeeb70f

  • SHA512

    b27a0236d8cded26ba2ed3b73f0c700a3ae4444588611ac63383d68b23629e7c627bfb6c772aa990ce2230d0dfa42bfef03e9d030fc76e25848b2da9d6759b72

  • SSDEEP

    384:V5nHmivmk4mm5K89C5KRBc5TgUBP9yYRwP:V5HHvp4fKx51GO1yYe

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2