Extracted

• • Target

    SWIFT REF 458945488437PAGO INVOICE 5954000.exe

  • Size

    1.1MB

  • MD5

    6ef549e83677f76510e8696cb444cf66

  • SHA1

    5a625854d4551744a6f7ffac7f5e61829d160688

  • SHA256

    11169c9d08b88f6ba3595cae46e3ddf257546d592b84489247a021c7fa90f0e0

  • SHA512

    31eae6dd9fe73b59cd9e0a4cd0933b1c2976091d07a68c8abf241c294e360502005215f31236f2a19d34a5cc0537c1228436a621e776448577464afae7768b48

  • SSDEEP

    24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8aFTXfiXRXMfk:rTvC/MTQYxsWR7aFTXfiBXM

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2