General

  • Target

    50a0786c77f3dde200940934383e97f756189a70865954f72c25ffa486240e78.exe

  • Size

    692KB

  • Sample

    240903-b27kjatcln

  • MD5

    69e8d0927a6dfc9c7bda829ee75634eb

  • SHA1

    8c382eab9c9b016ffb201b29e1ccd4fadc571828

  • SHA256

    50a0786c77f3dde200940934383e97f756189a70865954f72c25ffa486240e78

  • SHA512

    6cbd0c1d0ed7029e5ddfcd28548cbdf3d4386ff2b3a21b1531469fc26375df9d05892f291657f39702dde23694b1c9c40d19efe40b0b8a1565d157f1cd75e350

  • SSDEEP

    12288:7IBKYvI8BCBUg1GeL8+74bdyE3BUqZ/IegDIMCzPMQCJom0hK/U:cOwaT1bL8Qkh3BUY/iWD9m5U

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      50a0786c77f3dde200940934383e97f756189a70865954f72c25ffa486240e78.exe

    • Size

      692KB

    • MD5

      69e8d0927a6dfc9c7bda829ee75634eb

    • SHA1

      8c382eab9c9b016ffb201b29e1ccd4fadc571828

    • SHA256

      50a0786c77f3dde200940934383e97f756189a70865954f72c25ffa486240e78

    • SHA512

      6cbd0c1d0ed7029e5ddfcd28548cbdf3d4386ff2b3a21b1531469fc26375df9d05892f291657f39702dde23694b1c9c40d19efe40b0b8a1565d157f1cd75e350

    • SSDEEP

      12288:7IBKYvI8BCBUg1GeL8+74bdyE3BUqZ/IegDIMCzPMQCJom0hK/U:cOwaT1bL8Qkh3BUY/iWD9m5U

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks