Extracted

• • Target

    ac4a2e0fd83f735178b92fa4123b64887564a55996c85c9e9bf62c7c94f78fc1

  • Size

    1013KB

  • MD5

    ba915559642dd97f19eecb3d6077831b

  • SHA1

    aac44d917caf2e6d5271c7359285b56162161c76

  • SHA256

    ac4a2e0fd83f735178b92fa4123b64887564a55996c85c9e9bf62c7c94f78fc1

  • SHA512

    c7ee47ba8a66cb485ed1e218379fd7cbb5e11391743b1e74eeda2719d8a624a95c4c430cc9b2b114ad3f70621556d121bfb34e8abe7e9ddf0ff05d85bc2588b3

  • SSDEEP

    24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaMGG3mBH3tEo/Fc5:kh+ZkldoPK8YaMGRBH3Go8

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2