Extracted

• • Target

    23cd69950b5ba9c42eaa5fb9e380c0bc6ebf4533404ede15a6ed0f6abfe48627.exe

  • Size

    3.1MB

  • MD5

    5a4907e21a350b8f5ec41bc97c68dc4b

  • SHA1

    901f3101d1ba75e8e49730959f41ba298cca12ee

  • SHA256

    23cd69950b5ba9c42eaa5fb9e380c0bc6ebf4533404ede15a6ed0f6abfe48627

  • SHA512

    8b7167d4f5ded57dd5d7b59c1e0716e91ab01a31e17386cfe8bcef9b95fb937de9079c930cfd98a291afee81ce4ad39451463832d09f64b57fdf51a7cdda5eaf

  • SSDEEP

    49152:HzBfc7DQp8TtBl1U6rHcSclWL9O12nGaSF5wNTiFXWgiq9ipyg7sduyGaacWVkXG:Hzu4GobSFqYlX63rzQ2S

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2