Extracted

• • Target

    New POs# ST-2312180 to ST-2312182.exe

  • Size

    1.3MB

  • MD5

    b30d2c0c5d2a7eb1d14fcbee93a3dfb5

  • SHA1

    03a916e21638160bcc2c60a223ea6effbafbe9b6

  • SHA256

    3548aa0ee0cecf920604b5d5d5c231f2a5241a012548198402e6121a43ef55f7

  • SHA512

    8edcef9ba3e7c0220edc57aedb42a916298da358b76a278321b055897f5f709a88ecdf850894e1f6afe0febdf4fbecc637c39c75b064b7ca94cf01988136bf71

  • SSDEEP

    24576:xtb20pkaCqT5TBWgNQ7aKq1LnckdvRHADmacmzi/rYApm6A:CVg5tQ7aK45OSB+is5

  Score

  10^/10

  agenttesladiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2