Extracted

• • Target

    Payment advice.exe

  • Size

    1.1MB

  • MD5

    bc7f5a3ffe1b7377b53f4d3682514224

  • SHA1

    5b86b7ce857b243b96c8344d1357ad5cf1a94cfc

  • SHA256

    fb04094c609fd7ab6e1130443f44d7fb62c5b565a4a8a806413e1e74ba1bf3c1

  • SHA512

    09ba951b07eb916aae012e587a5ceceda763b301096a55b34b837d42f0d38044e0895bfb9d93828cf6979ee34c7927f2adc477a4f0e2284e49501bca25eda483

  • SSDEEP

    24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aZFFhb7mZQMy:yTvC/MTQYxsWR7aZtb7mz

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2