General

  • Target

    PO‮s͏x͏l͏x͏..exe

  • Size

    97KB

  • Sample

    240311-rv37jahb92

  • MD5

    78ab3f5907770357b36dd7d3ae612125

  • SHA1

    abdb9131b868cf9c92e1deaca80871ae5963a0db

  • SHA256

    33f038a865a11f88acdd1a781e956cb14c6a4fa2af37b598a28e01f142ec19e7

  • SHA512

    742fe51fd156787cf1361b8a688f8bdbef3fd8625c3ef8c00254d1bdfd60caf38a8bd18457705f745f980439c7af242eb6291d8e40d77c9037f8c82da0be2d00

  • SSDEEP

    3072:lbq/NHg/zweohUUWFsKJn2M0l67iTXOf:hqxg/zweohU76BJ
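Two static checks a triage analyst would run against a dropped file like this one, written here as an added example (not Tria.ge output): a filename check for Unicode bidirectional controls and combining marks, and a digest match against the hashes listed above. The target name is reconstructed from the report's Target field; that its characters are U+202E RIGHT-TO-LEFT OVERRIDE and U+034F COMBINING GRAPHEME JOINER is an assumption. The bidi check covers the whole set of bidi control characters, not only the override this sample uses.

```python
"""Static triage helpers: bidi-override filename check and hash matching
against the indicators from this report. Added example, not sandbox code."""
import hashlib
import unicodedata

# Reconstructed from the report's Target field: "PO", a RIGHT-TO-LEFT OVERRIDE,
# then "sxlx..exe" with a COMBINING GRAPHEME JOINER after each letter (assumed).
SAMPLE_NAME = "PO\u202es\u034fx\u034fl\u034fx\u034f..exe"

# Unicode bidi control characters (general category Cf) that change the order
# in which a file manager or mail client renders the surrounding text.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",   # LRE, RLE, PDF, LRO, RLO
    "\u2066", "\u2067", "\u2068", "\u2069",              # LRI, RLI, FSI, PDI
    "\u200e", "\u200f",                                  # LRM, RLM
}

# File hashes listed in the report (lower-case hex).
IOC_HASHES = {
    "md5": "78ab3f5907770357b36dd7d3ae612125",
    "sha1": "abdb9131b868cf9c92e1deaca80871ae5963a0db",
    "sha256": "33f038a865a11f88acdd1a781e956cb14c6a4fa2af37b598a28e01f142ec19e7",
    "sha512": "742fe51fd156787cf1361b8a688f8bdbef3fd8625c3ef8c00254d1bdfd60caf3"
              "8a8bd18457705f745f980439c7af242eb6291d8e40d77c9037f8c82da0be2d00",
}


def _is_mark(c):
    return unicodedata.category(c) in ("Mn", "Mc", "Me")


def inspect_filename(name):
    """Report bidi controls and combining marks in a filename, plus the
    extension the OS will actually use once those characters are ignored."""
    bidi = [f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS]
    marks = [f"U+{ord(c):04X}" for c in name if _is_mark(c)]
    # The shell resolves the extension on the raw code points, so strip only
    # the display-affecting characters to see the name it will execute.
    plain = "".join(c for c in name if c not in BIDI_CONTROLS and not _is_mark(c))
    ext = plain.rpartition(".")[2].lower() if "." in plain else ""
    return {"bidi": bidi, "marks": marks, "plain_name": plain,
            "extension": ext, "suspicious": bool(bidi) or bool(marks)}


def hash_bytes(data):
    """Compute the same digest set the report lists for a file's contents."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_ioc(data, iocs=IOC_HASHES):
    """Return the algorithms whose digest of `data` equals the indicator."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in iocs.items()
                  if digests.get(alg) == value.lower())


if __name__ == "__main__":
    info = inspect_filename(SAMPLE_NAME)
    print(f"{info['plain_name']!r}: ext={info['extension']} bidi={info['bidi']} "
          f"marks={len(info['marks'])} suspicious={info['suspicious']}")
    # Constructed contents (not the sample); expect no match against the IOCs.
    print("IOC match:", matches_ioc(b"constructed placeholder bytes"))
```

With the override in place, everything after "PO" renders right-to-left, so the visible name ends in something other than ".exe" while the executed name is POsxlx..exe. The SSDEEP value above is a fuzzy hash and is not reproduced here; the exact digests are what you would feed into a file-hash sweep.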

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      PO‮s͏x͏l͏x͏..exe

    • Size

      97KB

    • MD5

      78ab3f5907770357b36dd7d3ae612125

    • SHA1

      abdb9131b868cf9c92e1deaca80871ae5963a0db

    • SHA256

      33f038a865a11f88acdd1a781e956cb14c6a4fa2af37b598a28e01f142ec19e7

    • SHA512

      742fe51fd156787cf1361b8a688f8bdbef3fd8625c3ef8c00254d1bdfd60caf38a8bd18457705f745f980439c7af242eb6291d8e40d77c9037f8c82da0be2d00

    • SSDEEP

      3072:lbq/NHg/zweohUUWFsKJn2M0l67iTXOf:hqxg/zweohU76BJ

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

    • Contacts a large number (3999) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Adds Run key to start application

      Writes a value under a ...\CurrentVersion\Run key so the payload is launched again at logon (persistence).

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on another process's thread is the step that redirects execution after code has been written into a suspended process (process hollowing / RunPE-style injection).
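How three of the behavioural signatures above can be reproduced from endpoint telemetry, as an added example that is not part of the sandbox report: the code scores Sysmon-style events (ID 3 network connection, ID 13 registry value set) for a large number of distinct remote hosts per process, a Run-key write, and a connection to an external-IP lookup service. The event records, the sample's path, the host threshold and the list of IP-lookup services are constructed assumptions, not data from this run.

```python
"""Behavioural triage over constructed Sysmon-style events, reproducing three
of the report's signatures. Added example, not sandbox code."""
import re
from collections import defaultdict

# Assumed: the sandbox counted 3999 hosts; a user-launched binary rarely talks
# to more than a few dozen distinct addresses, so flag at 50.
MANY_HOSTS_THRESHOLD = 50

# Assumed list of public "what is my IP" services (not taken from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ifconfig.me", "ip-api.com"}

# Matches HKCU/HKLM (or HKU\<SID>) ...\CurrentVersion\Run and RunOnce values.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def build_events():
    """Constructed events in a Sysmon-like shape: ID 3 = network connection,
    ID 13 = registry value set. Not recorded from the real sample."""
    proc = r"C:\Users\user\Desktop\PO.exe"          # assumed path of the sample
    events = []
    # 120 distinct destinations on the same port: scan-like behaviour.
    for i in range(120):
        events.append({"id": 3, "image": proc, "dest_ip": f"10.0.0.{i + 1}",
                       "dest_port": 445, "dest_host": None})
    # One connection to an IP-lookup service.
    events.append({"id": 3, "image": proc, "dest_ip": "203.0.113.10",
                   "dest_port": 80, "dest_host": "api.ipify.org"})
    # Run-key persistence written under the user's hive.
    events.append({"id": 13, "image": proc,
                   "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft"
                             r"\Windows\CurrentVersion\Run\PO",
                   "details": proc})
    # A benign process: one ordinary connection and a non-Run registry write.
    browser = r"C:\Program Files\Mozilla Firefox\firefox.exe"
    events.append({"id": 3, "image": browser, "dest_ip": "198.51.100.7",
                   "dest_port": 443, "dest_host": "example.com"})
    events.append({"id": 13, "image": browser,
                   "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Mozilla\Firefox\Launcher",
                   "details": "0"})
    return events


def distinct_hosts(events):
    """Distinct destination IPs per process (the number the sandbox reports)."""
    counts = defaultdict(set)
    for e in events:
        if e["id"] == 3:
            counts[e["image"]].add(e["dest_ip"])
    return {image: len(ips) for image, ips in counts.items()}


def triage(events):
    """Return {image: sorted signature names} for every process that trips
    at least one of the three behavioural checks."""
    hits = defaultdict(set)
    for e in events:
        if e["id"] == 3:
            host = (e.get("dest_host") or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits[e["image"]].add("external_ip_lookup")
        elif e["id"] == 13 and RUN_KEY_RE.search(e["target"]):
            hits[e["image"]].add("run_key_persistence")
    for image, n in distinct_hosts(events).items():
        if n >= MANY_HOSTS_THRESHOLD:
            hits[image].add("many_remote_hosts")
    return {image: sorted(sigs) for image, sigs in hits.items()}


if __name__ == "__main__":
    evs = build_events()
    counts = distinct_hosts(evs)
    for image, sigs in triage(evs).items():
        print(f"{image}: {', '.join(sigs)} ({counts[image]} distinct hosts)")
```

The host count alone is weak evidence (an update agent or a browser prefetching can also fan out), which is why the report lists it under "may indicate"; the combination with a Run-key write and an IP-lookup call from the same image is what makes the verdict convincing.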

MITRE ATT&CK Enterprise v15

Tasks