Extracted

• • Target

    a139f98b85757d493ff6d64c9ccddcb3f8029f4ef53a97d8cb6c267e0cb941ce

  • Size

    1.0MB

  • MD5

    9af10e61f5db82e5b23876c1d02e1b70

  • SHA1

    8a764f25978ede61ca775038126d8cf702bdf71a

  • SHA256

    a139f98b85757d493ff6d64c9ccddcb3f8029f4ef53a97d8cb6c267e0cb941ce

  • SHA512

    c56c043e4a4449b50adf52926d149317caf4744c81411bcef3584b40b918aaf343f311123bb664ee25a4a60916c014dae48716f47a2424070ed804187661d347

  • SSDEEP

    24576:OqDEvCTbMWu7rQYlBQcBiT6rprG8av9+9a8itFUVB:OTvC/MTQYxsWR7av9f

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2