Extracted

• • Target

    3e34df077c2181dab1d3da4112962df9f8cd275fa036af89c874081db55b31a5

  • Size

    1.0MB

  • MD5

    5b96e3e61cff5c2a302ef9381d333170

  • SHA1

    4f1746a0d8ae0e818c33b3ab7776a8641d7cfdfe

  • SHA256

    3e34df077c2181dab1d3da4112962df9f8cd275fa036af89c874081db55b31a5

  • SHA512

    f8f76d7f41cb9a6bb174d24a1c3785e3e0f223d78957e33430fd6e900aef10135da379f7fe16c15c11ee7225ec09ce1f11bc65a07eeb4ae912e0bb7f8ec09c6a

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHamRwdFUXB4MMy65:Yh+ZkldoPK8YamS7UOMW

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2