Extracted

• • Target

    LISTA DE COTIZACIONES.exe

  • Size

    1.2MB

  • MD5

    9e0277fc96f86accaa6dbf0fe729c0dc

  • SHA1

    8b3425a0441f56f37a20b81a9dd023fc83abb06f

  • SHA256

    3de2d235de3dd1488d4405382c3498030d84ff10c0ce04597f2e8151bd92efff

  • SHA512

    519b8f9634b1c1662d2fae60a1bcba670f2966317fa5d67469bc8dc4983fb8fae806a8acbd79e195c98b4ff8fda39bf1ff47adb8d873bcc6fd7a288751d8ee80

  • SSDEEP

    24576:WfmMv6Ckr7Mny5Q6nwI0K/FbcxA24XJnqToZUMBYA1jDg:W3v+7/5Q6LjGA24ZOWDg

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2