Extracted

Extracted

• • Target

    QUOTATIONS#08673.exe

  • Size

    1.1MB

  • MD5

    4cb465270a5f5bc88eb61161008f5234

  • SHA1

    6986a6b4460f3f2dcbcb534be5f503722b620728

  • SHA256

    2b0aa4afe0006f9504246100a5beda8fa02832fa4550e75e02007433d3fd2eff

  • SHA512

    221f311fdcf2c0c28f8b9032f77af77caf20c110892537f83bd7eaa8814b7f258e8dd6a55b86348fb1e6663a69cca1956338d3abcae2cc799b28a57a9c70cc80

  • SSDEEP

    24576:WfmMv6Ckr7Mny5Q67nzR4HUwS6/N28xok1p2dbbwzb:W3v+7/5Q6nRHwLlXJn2dkzb

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2