General

  • Target

    C0R567842T257642523.eml

  • Size

    1.2MB

  • Sample

    241014-hdqqfa1elg

  • MD5

    cddd2a140ac0a97c4d97e1cd9961104a

  • SHA1

    e5ef5213191032af6db61a7f88c0147327b6b0d1

  • SHA256

    54aceb40ff0dae08e2530d3d4bce7cfc94f06aff080c986c3eedc3f7655014ef

  • SHA512

    6199136df432952271e289bddaa60d312c0a90ae7a78d18d920353cbab5d27912d5c0140ea1631668947286b3e18e23e567d9bce972158f5d0083d65e3234830

  • SSDEEP

    24576:BOLKGKIMWRXwsYf+RdAXeQxXVWU6xvYM5Z05OEXvjT:Q2GaylYheBLu7T

Malware Config

  • Extracted

    • Family

      agenttesla

    • Credentials

Targets

    • Target

      AWB _Ref#5800028900pdf.exe

    • Size

      1.1MB

    • MD5

      bde744fbe419f73f9b44fc0570c233f4

    • SHA1

      f7b987ce8d3e4e1f1bfc7819c70ffefcb158fd2c

    • SHA256

      586008861c32e8f32bb841b3734614ca385ba4c554a976ce9074a27d0df5e784

    • SHA512

      5fcafd65d155abb11fbc84c10fea30afe190c89ef7b806654887b8594d1c6793b017902a0f479ed03968e4003af71edb2f33df9073406bbdde3519fa1dc75a75

    • SSDEEP

      24576:ffmMv6Ckr7Mny5QLnX89AOLbz+kbn/y3B:f3v+7/5QLsO8bSt3B

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks