Extracted

• • Target

    MACHINE QUOTATIONS.exe

  • Size

    1.6MB

  • MD5

    8fe6a25b6bc10fb2da65d47e78b15114

  • SHA1

    ec43904070fc8def0c04b57fb94dec4acb0fb008

  • SHA256

    90ce404cba04de876318ffd7282c216892edfa5d074d35d66f48ae02432f701c

  • SHA512

    d84c93df4ecdbff0014ca039bdc59e3e1d0cd934ea0bc33be3e061b958d1b760a927fb8ad463d9fc143e325866b6b1f735f504d9feb445eeaa86da1614cae71a

  • SSDEEP

    24576:Rtb20pkaCqT5TBWgNQ7aY3X3N5MG7JA9sRKA1rWCZ0lbi137Yb93qS5h6A:iVg5tQ7aYH3N5MGVAYhrRaFi13m605

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2