General

  • Target

    2463575784d44db969d159daaeab6f57.bin

  • Size

    658KB

  • Sample

    230506-ztc8qaga4x

  • MD5

    41610e353ac8901e75fa4b9850db641e

  • SHA1

    2974f4a073580e522027f4a39aba425df1705b1f

  • SHA256

    c93b222bfd71061e0f0a671427d9db516e684a8609b42c40a676d59867431d86

  • SHA512

    ecb341bfd9e1bea25285cdd647c2de66dbdedd5930eaaeca79b29d237f396dd6e18f479d119275d2e3c113e286d3df7e93c7135e44f5592b1d7f10c338fe43d6

  • SSDEEP

    12288:QasNWE9tiLNbCf7n3SxNn1ak4aGQRulng+/iuIi5NuUjR5575BTVYotD77:QaQ9tCCDwNsgGQElnF5Iius5ldhDH

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      767f8a18d7d28b82d76fd39c3ae639d352659110a6bfa1a4b929f136e034ca8d.exe

    • Size

      837KB

    • MD5

      2463575784d44db969d159daaeab6f57

    • SHA1

      7585a951ad6217ef5f0141eb12c61ac6a14134a3

    • SHA256

      767f8a18d7d28b82d76fd39c3ae639d352659110a6bfa1a4b929f136e034ca8d

    • SHA512

      14d61ea3a1a17cb93d2213708ebe129859870c30769989f696ee67270c4a1e4df054383bb6167e2a66bc2434170f3226e6424693b5d57e8af676ac65564e97e5

    • SSDEEP

      12288:tJ/9WflU/9DJto2jXoZoP4HZh0UVDXAvaeB5Lgjho2f4LxuqS:zylU1o2jqnH70UVDXAvak+0Lxuq

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks