Extracted

• • Target

    PO_7862679238279-GITTERSTAR-UUE-EUROPE-UUE.exe

  • Size

    1.5MB

  • MD5

    96a7ec39104585a6dedc95933dd9ac66

  • SHA1

    3dcbb5b705081ea3a822bcc29d0bcc85626d45ed

  • SHA256

    44562817ca024e665e0c44fa1911e74d210f938a29518ce0b186a11bbff1ff72

  • SHA512

    3f0b6f60b1dbaac04c137af09bc5e663feba457091a27b79543d73ffe467bfa4ee61f0d151833ada62a1849cfa207f662f10114e0c966c2063c29f360e412e27

  • SSDEEP

    24576:kaX/AV0ieMwOd02MecuTCExaiQB/XpbbFIZ3:kG/AeieMnxGJ

  Score

  10^/10

  discoveryagentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2