Extracted

• • Target

    enyioma.exe

  • Size

    1.1MB

  • MD5

    462dc62ec8cf0582b45cca66c0d16eb6

  • SHA1

    6725468bb6b388ae894cb6c168621f970398ae5f

  • SHA256

    b24e9e338775a89120c668c30ac6c6f2064160e9442988f8e8ea807d7d309a2e

  • SHA512

    c8027f3d7b6c3a86e2ad265fd7cf501266b42c6b46f9704942b85a130975a8fb546ab3b51ae00db77d3a3be290ac672fc86b89e86d40d5bcb3a0e378b72aa98b

  • SSDEEP

    24576:4qDEvCTbMWu7rQYlBQcBiT6rprG8aye+qV6zLkRh:4TvC/MTQYxsWR7aye+CSLk

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2