Extracted

• • Target

    Docs.exe

  • Size

    1.1MB

  • MD5

    9b5147cc095f0509964efa7f5daebdec

  • SHA1

    6a1b85f7d809b5e34d31822e16a557fc0c8f4b31

  • SHA256

    0989a20ad0aceb20e2199f0bceaec9461f94b49899f7d2cb1ce61d05473f5d1a

  • SHA512

    e191b63e7c095f6415dd546646fcb558f3d3ea65684293dc3a9c6544611262dbf50b4da623f4f30d9cdad1511071ad31eb575f29b206f94e2e422d515cbf0294

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLj9PHl2ZjITtmuoEx9LMQUW:f3v+7/5QLZPpl5L

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2