Extracted

• • Target

    b910f4f39341af6a71c733c4def9bcc2aeeff13aaa747d64f3a6f3e26736f216

  • Size

    1018KB

  • MD5

    0f32e62a9d8ec7b8593ef5c4891287cd

  • SHA1

    5ab6de6b131650b288913851f3d1f405cfc85846

  • SHA256

    b910f4f39341af6a71c733c4def9bcc2aeeff13aaa747d64f3a6f3e26736f216

  • SHA512

    170d7c3ff2bb0624df8a8b384a15194f8e8ba306caae35d1c5434e0f1ff3ab8c2a3c258b21408a106f3802f7693378295c8f77854849818514109a8914432b69

  • SSDEEP

    24576:hAHnh+eWsN3skA4RV1Hom2KXMmHaJFsHldRJs5:4h+ZkldoPK8YaJ2HlPo

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2