General

  • Target

    Bank Report.exe

  • Size

    609KB

  • Sample

    231011-hq7jqaad68

  • MD5

    1c56714ac0acf4ab07e27bb124c0f487

  • SHA1

    8a346e06301caacf0a86437293bbbaa48f3e238c

  • SHA256

    192c5860a708f4d8c7e8ec491d765e3ba28bb6102710083ca3fd961bdae183ce

  • SHA512

    c2cf9cd3ace575f03f684236ecf8c4c7a8e548921f28ca7666a702419d8cf9255844a05564faa5c66133ba8a20468f692363c01172aedbe155b42311940f00f3

  • SSDEEP

    12288:d725c5KQJaPpffEhZIVgrFkwBLC3KBzb8v7v4UR3q5t72OUg8ao:k6YPpshZooXVCaBzb8v8UR6F2m9

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6383484083:AAEOJzyjj7OZjWPyR6JNxXFWK63ilQslb30/

Targets

    • Target

      Bank Report.exe

    • Size

      609KB

    • MD5

      1c56714ac0acf4ab07e27bb124c0f487

    • SHA1

      8a346e06301caacf0a86437293bbbaa48f3e238c

    • SHA256

      192c5860a708f4d8c7e8ec491d765e3ba28bb6102710083ca3fd961bdae183ce

    • SHA512

      c2cf9cd3ace575f03f684236ecf8c4c7a8e548921f28ca7666a702419d8cf9255844a05564faa5c66133ba8a20468f692363c01172aedbe155b42311940f00f3

    • SSDEEP

      12288:d725c5KQJaPpffEhZIVgrFkwBLC3KBzb8v7v4UR3q5t72OUg8ao:k6YPpshZooXVCaBzb8v8UR6F2m9

    • AgentTesla

Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; it harvests credentials from browsers, email and FTP clients and exfiltrates them over channels such as SMTP, FTP or, as here, the Telegram Bot API.

    • Checks computer location settings

Looks up the country code configured in the registry, most likely as a geofence check so the malware can skip or alter behaviour in particular regions.

    • Reads data files stored by FTP clients

Tries to access configuration files associated with programs such as FileZilla, which store saved server credentials on disk.

    • Reads user/profile data of local email clients

Email clients store some user data (account settings and saved credentials) on disk, and infostealers routinely target it.

    • Reads user/profile data of web browsers

Infostealers routinely target stored browser data, which can include saved credentials and other profile contents.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data kept in the registry, which holds account configuration and can expose stored credentials.

    • Adds Run key to start application

      Writes a value under the Windows Run registry key so the sample is launched again at logon (persistence).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is a hallmark of process hollowing and similar injection: execution is redirected into code written into a suspended process.
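The behaviours listed above translate directly into host and network detection logic. The following is an added example, not part of the sandbox report or of the AgentTesla code, showing how the extracted Telegram C2 is parsed into a hunting indicator and how constructed telemetry events are matched against each signature. The event schema, the file and registry paths and the list of IP-lookup hosts are assumptions chosen for illustration.

```python
"""Detection checks for the behaviours listed in this report (added example).

Runs simple rules over constructed telemetry events. The event schema, the
artefact paths and the IP-lookup host list below are assumptions.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_SHA256 = "192c5860a708f4d8c7e8ec491d765e3ba28bb6102710083ca3fd961bdae183ce"
C2_URL = "https://api.telegram.org/bot6383484083:AAEOJzyjj7OZjWPyR6JNxXFWK63ilQslb30/"

# Telegram Bot API paths look like /bot<numeric id>:<secret>/<method>.
TELEGRAM_BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]+)(?:/(\w+))?")

# Assumptions: representative (not exhaustive) artefacts behind each signature.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "checkip.dyndns.org", "ipinfo.io"}
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
OUTLOOK_PROFILE = re.compile(r"\\Outlook\\Profiles(\\|$)", re.I)
FTP_CLIENT_FILES = ("recentservers.xml", "sitemanager.xml", "filezilla.xml")
BROWSER_CRED_FILES = ("login data", "logins.json", "key4.db")


def parse_telegram_c2(url):
    """Split a Telegram bot C2 URL into bot id, token and API method.

    The token is the revocable secret an incident responder can report to
    Telegram; the numeric id is stable and useful for hunting."""
    u = urlparse(url)
    m = TELEGRAM_BOT_PATH.match(u.path)
    if u.hostname != "api.telegram.org" or not m:
        return None
    return {"bot_id": m.group(1), "token": m.group(2), "method": m.group(3)}


KNOWN_C2 = parse_telegram_c2(C2_URL)


def classify(event):
    """Return the names of the report's behaviours that one event matches."""
    hits = []
    kind = event["type"]
    if kind == "registry":
        path = event["path"]
        if event.get("op") == "set" and RUN_KEY.search(path):
            hits.append("adds_run_key")
        if GEO_KEY.search(path):
            hits.append("checks_location_settings")
        if OUTLOOK_PROFILE.search(path):
            hits.append("accesses_outlook_profiles")
    elif kind == "file":
        name = event["path"].rsplit("\\", 1)[-1].lower()
        if name in FTP_CLIENT_FILES:
            hits.append("reads_ftp_client_data")
        if name in BROWSER_CRED_FILES:
            hits.append("reads_browser_data")
    elif kind == "http":
        u = urlparse(event["url"])
        if u.hostname in IP_LOOKUP_HOSTS:
            hits.append("external_ip_lookup")
        c2 = parse_telegram_c2(event["url"])
        if c2:
            # Any bot-API traffic is notable; a token match ties it to this sample.
            hits.append("telegram_bot_c2_known" if c2["token"] == KNOWN_C2["token"] else "telegram_bot_c2")
    elif kind == "api" and event.get("name") == "SetThreadContext":
        # Only cross-process use is suspicious; a process may legitimately set
        # the context of its own threads.
        if event.get("target_pid") != event.get("pid"):
            hits.append("remote_thread_context_write")
    return hits


def triage(events):
    """Group matching events by behaviour name."""
    found = {}
    for e in events:
        for h in classify(e):
            found.setdefault(h, []).append(e)
    return found


# Constructed telemetry resembling what the sandbox reports; not real log data.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "query", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file", "op": "read", "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file", "op": "read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "registry", "op": "query", "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "registry", "op": "set", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Bank Report"},
    {"type": "http", "method": "GET", "url": "https://api.ipify.org/"},
    {"type": "http", "method": "POST", "url": C2_URL + "sendDocument"},
    {"type": "api", "name": "SetThreadContext", "pid": 1234, "target_pid": 5678},
]

if __name__ == "__main__":
    print("C2 indicator:", parse_telegram_c2(C2_URL))
    for name, evs in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{name}: {len(evs)} event(s)")
```

Only the token comparison ties traffic to this specific sample; the other rules describe the generic AgentTesla playbook and will also fire on unrelated stealers, which is usually what a hunt wants. The Run-key rule deliberately requires a write, since plenty of legitimate software enumerates that key.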

MITRE ATT&CK Enterprise v15
