General

  • Target

    CBD POF USD SWIFT REF 82900199992100000828819147822-PDF.exe

  • Size

    3.5MB

  • Sample

    231212-q8dncsfeh8

  • MD5

    f017bb99e5427574e9acc862cc685995

  • SHA1

    a7186e398a91c3db3f79bcfb834e41d9558fcc82

  • SHA256

    6016538c02f6ddd5e06a392986e79c9f219b28485dd8cef5c3864d7aebf773b1

  • SHA512

    b5e9f4ab3d412e16ce587e6c56a4aa64bb984b84ad5d53f16f471368cc41dd73c7172beb1700969421496fd0539b7fa8a4c29d916330e00cbde1e7d4b682d04c

  • SSDEEP

    49152:uk3d4Ss6/6rR2Ug+cKYYW6ggFmX7IILowNFgKj9rw:PW4U4aMCGr

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6348230851:AAHvC-M1EJAOlhyLClppv8SeNpMulHQIavc/

Targets

    • Target

      CBD POF USD SWIFT REF 82900199992100000828819147822-PDF.exe

    • Size

      3.5MB

    • MD5

      f017bb99e5427574e9acc862cc685995

    • SHA1

      a7186e398a91c3db3f79bcfb834e41d9558fcc82

    • SHA256

      6016538c02f6ddd5e06a392986e79c9f219b28485dd8cef5c3864d7aebf773b1

    • SHA512

      b5e9f4ab3d412e16ce587e6c56a4aa64bb984b84ad5d53f16f471368cc41dd73c7172beb1700969421496fd0539b7fa8a4c29d916330e00cbde1e7d4b682d04c

    • SSDEEP

      49152:uk3d4Ss6/6rR2Ug+cKYYW6ggFmX7IILowNFgKj9rw:PW4U4aMCGr

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks