Extracted

• • Target

    답장 Redmond, Inc. 송장 422934 파고.exe

  • Size

    1.1MB

  • MD5

    01b11b328b1a7626360a082a51f18f56

  • SHA1

    43c95605ff088f60dc46e103a25dd52a7bd9c2c5

  • SHA256

    eb56fa3be684223e59c0c407d35fd60a5e7be04bb24977d69049ed00f1ce751a

  • SHA512

    7b30161773cf65b28d62f464e9facde529e9bf821d59075b1dd4d6f61796fd5410ced80379d2ec7ac5a93b927af9f1463cfbf82a60bcda0cfc8c732d2fa3942b

  • SSDEEP

    24576:QqDEvCTbMWu7rQYlBQcBiT6rprG8aD1TXQkYQz:QTvC/MTQYxsWR7aD1TXA

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2