Extracted

• • Target

    0a5816f1e55e810043fd6ac8a6d28eabd755696e76cf1b96d9fc3680c8af6177.exe

  • Size

    1.1MB

  • MD5

    c4c4631fef934697b3dc440a5de2292d

  • SHA1

    4312088d769c9a86759734b2da54a1a08a5d2c73

  • SHA256

    0a5816f1e55e810043fd6ac8a6d28eabd755696e76cf1b96d9fc3680c8af6177

  • SHA512

    9c1c1d6216ea8c15cd4cfecf44a36759252b4e32baa63e7b02e799218ad3c5835093c9dd14e54fe1118425398abcb5343d8b106c82eef705eaf0202cadae5b6f

  • SSDEEP

    24576:JqDEvCTbMWu7rQYlBQcBiT6rprG8abRpfTr/:JTvC/MTQYxsWR7ab

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2