Extracted

• • Target

    a53824c68cea6c410be5561eaf640bf0b20c3de969d082b79dc4b390d7b21935

  • Size

    906KB

  • MD5

    e38beb354f29776685dffcbc6befb9ee

  • SHA1

    cdebbf397b49f4735afc198023658e53da805f5d

  • SHA256

    a53824c68cea6c410be5561eaf640bf0b20c3de969d082b79dc4b390d7b21935

  • SHA512

    4423d22d776324af91f2e8c14d70a8524480817229630d32e68261caeefe4cb235043a226a3dedd7f971e52094849ddd981c626371ce56dc2f6625d0daf522c9

  • SSDEEP

    12288:rrUufjVpNKUF3OjhlYnf8KPGNaTp7WbGPaUGvKN1ZN0p05aWc4hgOxwr:XUsGQOjhlYUUGkp75GvKyWcM

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2