Extracted

• • Target

    Po- Order 98540-00..exe

  • Size

    736KB

  • MD5

    2cf92861a9c618b09f22953f6edb73ef

  • SHA1

    3086128a86938e89cbb58ebe364229ef7eb7f5b0

  • SHA256

    c603271f1321b7edd2268827c0188b79dfb7847e85b128e47d7101602664ed4b

  • SHA512

    462b056d7722d891d1c82a3840fe4e36d2261bec1dbd93a9d21b50866988d55c1fb0fcb342573e4281e4ee1f1081408f44a86e2d23b51064c823607e187e75cc

  • SSDEEP

    12288:HLHqc3+GSueH5qvF8VUR5QghHs3I5ZR2eEkWooDNvUAu6p2sQJUGg7ombj/+9g5o:D/uGGqvLDvfDdWooDNHXWQsgFod

  Score

  10^/10

  agentteslacollectionkeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2