Extracted

• • Target

    db8fbdc2cb7282fd4b8727c6be52f44053fed4951ddb5a4bd7d055a485d3b13a

  • Size

    1.2MB

  • MD5

    2f8fc6d5b2557f6bd28ce99ac3041d4c

  • SHA1

    3716bdc3da3017a61ba86849a1ffec185075a6a9

  • SHA256

    db8fbdc2cb7282fd4b8727c6be52f44053fed4951ddb5a4bd7d055a485d3b13a

  • SHA512

    0cb7fa4d5790d6ddcd1b5fb20f48a2b1f0cfd9023b17fc32904adebb5e24574650d5afab568d47b9440307abb9f6f3b3dfc304704f4c56c2eda93adec974ee1e

  • SSDEEP

    24576:UVC9LyfoEJ29VXPg3eNoRhLs47OFvWM9wdx0Y1Dc8ZUBNz3TUZ5yWg9QuZh9Aq1m:UVIWok27Y3eN0hoJHadHDc9BNzjd7CEm

  Score

  10^/10

  discoveryagentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2