Extracted

• • Target

    CBDPOFAEDSWIFTREF8290019999210000082881914822PDF.exe

  • Size

    3.5MB

  • MD5

    996e8a56754289b12368c9241074ae5e

  • SHA1

    776be5998df180449446f656548b586c04e4576a

  • SHA256

    1d8e06ad54176ef3faa63ff7f9cc4f6309d0f90ac75d9379308a36b85e6c4955

  • SHA512

    a8190cdff462125b33716761d08359918397f3abad5cc3d08d3177f823f7ada68f1399d53bdb96d8e188cfbe23bfbc8793b997b2c18f3d04252c1be8f590dcd8

  • SSDEEP

    49152:q05SIbcRH7CT+crs48aWjE/gF/NmkK+c3XSMkbhe:bRC/vg

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2