Extracted

• • Target

    ORDER-SUNNY 10005916.bat

  • Size

    1009KB

  • MD5

    27c302e3247d5a9f8fce50cfba636e22

  • SHA1

    7939d397dba283814967080fb37913d9076dab49

  • SHA256

    1dcd0d42ac6d49c7447bd11b3c08d26b3e03d1000483c8ce1ac6914fd249a6a0

  • SHA512

    040e32f01348045b4a9d65666e7bb966150b3ae34e6078b23c0d3c58a8f18e48096091e05ea5bffa09a4f33f93a441e4767a9d9468e8d3f4adbcfc10733b4c70

  • SSDEEP

    24576:hHOmVihj9V3HNS0B0dgIx4l0ivt/Ixdt+gnfpV6gXhtnLPv+yqV82DqdFUWvw:h6j3fpI57zPVqmTgj

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2