Extracted

• • Target

    F25-Try on pdf.exe

  • Size

    1.3MB

  • MD5

    dbd54a222b7f9aa1abbf19a840421ab7

  • SHA1

    8555ea63be366d4104ea299223eab6155f7fa107

  • SHA256

    b31b08dbbbccb893273b1cd7a9f21228eea7dbda46a2723ce34542f641eb6a46

  • SHA512

    c22bfc1dcdd3d59d7181a3306a897c031a2cf76f9a856f9366ed47f99974b2fb06f957efcd90d3b1c355c989d7d16093635578adf7f4da26a6d923df444aff20

  • SSDEEP

    24576:WXZiqgJiqzPiWXSRy45jKatSOwdLyroxNz71qE:WQqg8wiWXKaatsbX0E

  Score

  10^/10

  discoveryagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Drops startup file

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2