Extracted

• • Target

    New Purchase Order Document for PO1136908 000 SE.exe

  • Size

    7.1MB

  • MD5

    9b2c361b77d2a5198602a24b473b506a

  • SHA1

    01a4beda7991a7d5ad9717e25e3d47d219dec1f9

  • SHA256

    9ebb6978d40e7e5870ee40d426ccc6cf7eff686b5d95375399c6d15388067f0d

  • SHA512

    3fb44a807dc6bc1aaf97f7a39b06a870d1f8d19429cd699b1839ee4233d1267ab3fac535255b49d07d32937e79df888c1e75c52a725405b416ed99236465741e

  • SSDEEP

    98304:YlaHVJHFOv9GJ6RiiOPriSL+pMI6cNKu4X2XfQ9rr6YrxV:ZHzFOvcOS0MRcNz4mI9qYtV

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2