Extracted

Extracted

• • Target

    355878cfd65adca3a5ee759a484041f823bc9578099e5ef4180de198931592f8.exe

  • Size

    1.1MB

  • MD5

    a437894833f1d29adfdff86cadefc0fb

  • SHA1

    a6026520fb59515d7533ab33548f926f0d1e9a13

  • SHA256

    355878cfd65adca3a5ee759a484041f823bc9578099e5ef4180de198931592f8

  • SHA512

    d6012c6c7c7f776c0540df3b98f6e55f9039a6c99b57b3d5c71cc55ab3e514bae3318b1ecc4289a09363a74b8ddc88d8fcb6be0e5e8635d487b60072101567b3

  • SSDEEP

    24576:WfmMv6Ckr7Mny5Q6J7IAH/iZpGY/fUAo9TZq:W3v+7/5Q6J7IAH/inDfUAojq

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2