Extracted

• • Target

    db86e3bc6c91e2851f8cb119411c1ebfa404634013a03e47215250364a2ca9bb

  • Size

    1.1MB

  • MD5

    116a67dbea78637f50e441f9df02a122

  • SHA1

    0e1255077dae0d87d3a85cce45e18d767f35ffca

  • SHA256

    db86e3bc6c91e2851f8cb119411c1ebfa404634013a03e47215250364a2ca9bb

  • SHA512

    3fd665a18233aebd6cf32a086a0f77c16a95ea0fb6f9b43c5d3b41c4d65a79cd68c2a1b45bf9f6be04d182556da187b659cfbbdc05afa5e2e3b923382788f172

  • SSDEEP

    24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8a47GI9jfui:8TvC/MTQYxsWR7a47GYfu

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2