Extracted

• • Target

    b07cd71f9882bdd5e28f47863b84634b985bebb1dab1e5cc84e246b94fe8c864.exe

  • Size

    691KB

  • MD5

    68b43f31a73b4ceccb149056b6a7aafa

  • SHA1

    067ddfcf7a22a17e438a1c26cfa37c1427bdc0d1

  • SHA256

    b07cd71f9882bdd5e28f47863b84634b985bebb1dab1e5cc84e246b94fe8c864

  • SHA512

    8f72fbd2b9f31e1b848fbe40308181091acabf8b41bfde8aeed97bafa200f3c5b013c529fea171f49a04d9df339b715774eaa9d2f2bd3d34e7e2fc88e73ef2a5

  • SSDEEP

    12288:pHao7c1AQS1Gk1GAEMtXU5Kazq+qw1iwVgADl6pe/2KUnrpe+6ztu7a7Id0O:xaogiKk1GAjkMazq+qwVNOE2pn

  Score

  10^/10

  agentteslacredential_accessdiscoveryexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2