Extracted

• • Target

    SecuriteInfo.com.Win64.PWSXgen.16698.32595.exe

  • Size

    2.5MB

  • MD5

    3a1b81c6763af1d0d35082ee119c731a

  • SHA1

    de17332d6c29afd205611f1abfecee207a91bc7d

  • SHA256

    8d48681090810cf096230ac8e6900c4cdb22d9872622ba55f9d70c1c1ca32956

  • SHA512

    03494a5db06028f23c4cb77ac574e348f1374a66ccb43236fa09fbc0423dc98c21cd618210bc1a52e88c194c3786e8cd58511c8ae12632e03fed1371df2c541f

  • SSDEEP

    24576:7qCdMP5SdezpyFNrhSCPuoX0k6O2BusxExVJhewLg31+mYGnKBF1JETXHOa/8+UW:7P6hSrcCPT0JwLg31+mYGnKDkTXph

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2