General

  • Target

    z55enyioma.exe

  • Size

    1.1MB

  • Sample

    240828-22txjs1dkh

  • MD5

    4ed09e048949521321f0369d2e908971

  • SHA1

    cde6f4133e6912f1eb982f010bb49ab6219831c1

  • SHA256

    fd4381ca3c61af07fce01917ddb0aeee9d848ee0f5b7a4471bcea08ef89efa8f

  • SHA512

    d5621fb95aa1dd9ae4803792c746098f595cafe78880b6c9c6ffa112745c40c9b0abef604b0c5a95166a1e5e08a9acc5405d63cac9d719f1ca90cdad88791802

  • SSDEEP

    24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8aKxd+a5vnOoZCV:oTvC/MTQYxsWR7aKGKndC

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      z55enyioma.exe

    • AgentTesla

      Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in VB.NET, that harvests credentials and keystrokes and exfiltrates them (typically over SMTP, FTP or HTTP).

    • Credentials from Password Stores: Credentials from Web Browsers (T1555.003)

      Malicious access to, or copying of, a web browser's credential store (for example Chromium "Login Data" or Firefox "logins.json"/"key4.db").

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's registers and is rarely called outside debuggers; a process calling it on a thread of another process is characteristic of process hollowing and similar injection techniques (T1055).
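The three behavioural signatures above can be reproduced as simple rules over a sandbox event trace. The following is an added example, not the sandbox's own signature engine and not code from the sample: it defines one matcher per signature and runs them over a trace constructed inline. The IP-lookup host watchlist, the browser store paths and the event layout are assumptions for the example, not data taken from this report.

```python
"""Behaviour-signature matcher over a constructed sandbox event trace.

Added example: this is not the sandbox's engine. It reproduces the logic
behind three report signatures (browser credential store access, external
IP lookup, suspicious SetThreadContext) over events constructed inline.
"""
import re
from dataclasses import dataclass

# Windows browser credential stores commonly read by stealers (T1555.003).
# Assumed paths for the example; real engines carry a longer list.
BROWSER_CRED_STORES = [
    re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)"
               r"\\User Data\\[^\\]+\\Login Data$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
]

# Hypothetical watchlist of public IP-lookup services (assumption, not from the report).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org",
                   "icanhazip.com", "ipinfo.io"}


@dataclass(frozen=True)
class Event:
    kind: str     # "file_read" | "http" | "api_call"
    pid: int      # process that performed the action
    detail: dict  # kind-specific fields


def sig_browser_credentials(events):
    """Credentials from Password Stores: Credentials from Web Browsers."""
    return [e for e in events
            if e.kind == "file_read"
            and any(p.search(e.detail["path"]) for p in BROWSER_CRED_STORES)]


def sig_external_ip_lookup(events):
    """Looks up external IP address via web service."""
    return [e for e in events
            if e.kind == "http" and e.detail["host"].lower() in IP_LOOKUP_HOSTS]


def sig_set_thread_context(events):
    """Suspicious use of SetThreadContext.

    Fires when a process sets the context of a thread in a *different* process
    whose memory it wrote beforehand (the hollowing/injection pattern).
    A debugger also calls SetThreadContext, hence the cross-process and
    prior-write conditions to cut obvious false positives.
    """
    written = {e.detail["target_pid"] for e in events
               if e.kind == "api_call" and e.detail["api"] == "WriteProcessMemory"}
    return [e for e in events
            if e.kind == "api_call"
            and e.detail["api"] == "SetThreadContext"
            and e.detail["target_pid"] != e.pid
            and e.detail["target_pid"] in written]


SIGNATURES = {
    "Credentials from Password Stores: Credentials from Web Browsers": sig_browser_credentials,
    "Looks up external IP address via web service": sig_external_ip_lookup,
    "Suspicious use of SetThreadContext": sig_set_thread_context,
}


def match(events):
    """Return {signature name: matching events} for every signature that fired."""
    fired = {}
    for name, rule in SIGNATURES.items():
        hits = rule(events)
        if hits:
            fired[name] = hits
    return fired


# Constructed trace, not captured from the sample; values chosen to exercise each rule.
SAMPLE_TRACE = [
    Event("file_read", 4120, {"path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    Event("file_read", 4120, {"path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"}),
    Event("file_read", 4120, {"path": r"C:\Windows\System32\kernel32.dll"}),
    Event("http", 4120, {"host": "api.ipify.org", "path": "/"}),
    Event("api_call", 4120, {"api": "WriteProcessMemory", "target_pid": 5012}),
    Event("api_call", 4120, {"api": "SetThreadContext", "target_pid": 5012}),
]

# Constructed benign trace: ordinary file and web activity, plus a SetThreadContext
# on another process with no prior WriteProcessMemory, which the rule ignores.
BENIGN_TRACE = [
    Event("file_read", 2000, {"path": r"C:\Users\victim\Documents\notes.txt"}),
    Event("http", 2000, {"host": "www.example.com", "path": "/"}),
    Event("api_call", 2000, {"api": "SetThreadContext", "target_pid": 2001}),
]

if __name__ == "__main__":
    for name, hits in match(SAMPLE_TRACE).items():
        print(f"[+] {name}: {len(hits)} event(s)")
```

Running the block on the constructed trace reports all three signatures and none on the benign trace. The SetThreadContext rule is deliberately conservative; a production engine would also correlate the target process being created suspended and calls such as NtUnmapViewOfSection before treating the pattern as hollowing.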

MITRE ATT&CK Enterprise v15

Tasks