Extracted

• • Target

    shipping.exe

  • Size

    1.1MB

  • MD5

    30ec04c01f8fc2f669a92285422b8ac7

  • SHA1

    65ea24d2c0bf10575216e4e89e77d304c9d900d7

  • SHA256

    cb8e8d185adfffe272bafb00ef1000724beac1e478fba3e50682ac0c2300d0bc

  • SHA512

    ca647c33c90417ed3d0d7a7c72bcec075ec28fd89462c140e312bd72c196f0a8c1db597c3db9518bef49b7291e7e35d03058c594ec683d78bf4cfa592195414a

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLPnvM+00kNYUozd15i:f3v+7/5QLvvM+00TUop1c

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2