Extracted

• • Target

    purchaseorder.exe

  • Size

    1.1MB

  • MD5

    153eee5e101ec857b140cca87f264d80

  • SHA1

    e879c0ccbc0d7ed39cc91f9dd3ad9e89cf06594b

  • SHA256

    0d7a4a69f12914329cbff3ca263858dac70c0b5afa1657806129e553fd9e246e

  • SHA512

    0c16b298bf3220a3f39eded3727bb5b9a0a6cd5dbe41d6befdba9ad20b6979ff8fc9929282f41049e298c8f9e5e5dcf207f4a8915f755286b8c2d7674b8ce68d

  • SSDEEP

    24576:ffmMv6Ckr7Mny5QLki/z3093nfJQuXYXxLEnG:f3v+7/5QLj/g9fJQ9Bf

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2