Extracted

• • Target

    4d6231eb07241ffaf6c68e0ae700b6fcbb43756774e1497fb353704284276f46.exe

  • Size

    1.1MB

  • MD5

    d2284e59c46af4d0ee168bd9402096c8

  • SHA1

    898b3c5962fc2ab88e978b50e6b26426b3990202

  • SHA256

    4d6231eb07241ffaf6c68e0ae700b6fcbb43756774e1497fb353704284276f46

  • SHA512

    c580f31db7545f381a48f812b4c6fc0ee32dd2eaeb3bccca8747c366f19ba18ca4d29372cac529d2182e5410fc6027b084f1f803f2910c9afa12cbf022c046c0

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHaxL17mrR38prwXzc5:Yh+ZkldoPK8YaxNmV3Cae

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2