Extracted

• • Target

    Purchase_Order.exe

  • Size

    1.1MB

  • MD5

    d2867dd5924bf310d62aa448eb6fbd4f

  • SHA1

    608fd92498d849c1ae0834e3bfc6d0f57139f603

  • SHA256

    916826c3e3c7c235a5d7b88cb905fcf1fc18b0d90665b75522be12189be1680c

  • SHA512

    c1011e98cbd36f5d3f289c2722fbc8029c5898156d63f04ed44f555feaf6b8ecec20e8c17cfd823896476a49a65522c991a042f9a663a6800fddbbaeb005546e

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLHbiWlt3zxE1acZi1QDp:f3v+7/5QLHXlle5AK

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2