Extracted

• • Target

    2ce30c206c8b8fd863e98c63fa1c75b31a3c3018eab127c5496708cf8c95eb22.exe

  • Size

    1.0MB

  • MD5

    c40b747e2e9780944a16ea7f1da5bb2f

  • SHA1

    6a8075a86cb9e4f643653f0c812831352ec56cf3

  • SHA256

    2ce30c206c8b8fd863e98c63fa1c75b31a3c3018eab127c5496708cf8c95eb22

  • SHA512

    da3f3b81b27bf0251bb5db1b6c2e01e2a82f555aaa610e664b9b3c2d56d96974daf7e521ee324031cf309f3eec354220db86c59f3aa6fc2f13a8fd34817d0caa

  • SSDEEP

    24576:qu6J33O0c+JY5UZ+XC0kGso6Fa17RcAvepIrWY:cu0c++OCvkGs9Fa17RcAvaXY

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2