Extracted

• • Target

    NEAS.480c40b5f2db0afbdfea03814510e4106ccac4fb4f7c3b694ddc0a09206d988e.exe

  • Size

    5.2MB

  • MD5

    6739c4558368ca1e2702256ff38b173e

  • SHA1

    5c3fdc7abe581e99fd4b6e4dedc2df934dd6e571

  • SHA256

    480c40b5f2db0afbdfea03814510e4106ccac4fb4f7c3b694ddc0a09206d988e

  • SHA512

    59ba04a53948862f14eb66b24b7d96c5b333b111e31b85f7dc001ae5b9c644c80792cf520ffb0852067f4b8a84d160d6b2ff0fe6bed899a82fb13107fed05bcb

  • SSDEEP

    49152:FST3/D3jRgpXQbrnX1bXDt5IR9HJhBwcA2fHPuFjyvx0UUeX0r4qCimrS9o2LEMt:ksrdMq5oqcXUfw/

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2