Extracted

• • Target

    527a6d5eed393752abd31b00375a7a3f3fed39a8d6ca3ed8d9be4ec03f2a434f

  • Size

    3.5MB

  • MD5

    ebdbc96627329bb8b6eeda0281eca2f5

  • SHA1

    3f8ebde430e5c9e54b4ae0e5ab105c70c55456cf

  • SHA256

    527a6d5eed393752abd31b00375a7a3f3fed39a8d6ca3ed8d9be4ec03f2a434f

  • SHA512

    ab6f8500d0827437e52074d4961c2d0617730040845e42e1bdea28a4e429550336afed28ff834c4475134eb886599e1c9affff104c02778c246ca4e8f71a5907

  • SSDEEP

    49152:c05SgcRcCaFhYA/bUPVee2ZwBgFCxC2FNklXt:BNbyseNe

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2