Extracted

• • Target

    new order 457746748.exe

  • Size

    1.3MB

  • MD5

    a60ae5b2b27754008e1197e87104453f

  • SHA1

    76cc8d0d1ce43796af3290937470b446fa918aa5

  • SHA256

    95fb84d1006d06bef8ead6bcc95a19abb112a16c2f6bd6e2ac2b9df30246364d

  • SHA512

    8c4dd8a8dd1196c6b6d322f1bd94737c264fe6a25cc28e1f65e9d189a13c6e74a177618a3a8e1dc81afbef79ab18c86cd91b1c0cd403c9c064587fb93cd6bef3

  • SSDEEP

    24576:Ho62WQve2q4HUX/QPJj50KSwLxsn6ZmZjMifKX5M7ws43nJxx1q4:jltuk8in6ZmZjrKX5M8Xi4

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2