General

  • Target

    51df4b4d17fe6aa6d6e1f3376be8354b8bb3bcbe92febeefb103e96380effae8.img

  • Size

    134KB

  • Sample

    240904-bztkwstepa

  • MD5

    06190d840b36aa07354e91a3dbe55607

  • SHA1

    d7986b0829189d87d22c5dcbe7a33e4b28bf9c1e

  • SHA256

    51df4b4d17fe6aa6d6e1f3376be8354b8bb3bcbe92febeefb103e96380effae8

  • SHA512

    71f98085e978ad0f557483d73d836e17ec16887be9e7d7d94465e4e6b368d7c61a5f4fe8ec4c22bf9cb8a3f040c210616a4435c063c12374aefd0fbd2def7ce1

  • SSDEEP

    768:qxcDxkgBoJ1Y932HHDW6cDWS9VJk6nxgfpp1QfiOXr/69X2Ie3STH9s:LFBoDG32HHDW6ca2yyGFOXr/U213Sba

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Datoteka FAKT_433P200527S1005103.exe

    • Size

      73KB

    • MD5

      582ef8e0b652b1079cd95e12ec09cdaa

    • SHA1

      dbce1ca5ac1cd0af150aef162b5ece63d9454aa1

    • SHA256

      7923e58a1a1acdb087da37266e7bed734001122b36e8902513e7622d9157d4cd

    • SHA512

      85488072808b90cf29a46e194b22efd8123cf1be0dba3bfc2713e3591f509187956294927846b7127af6609340f3a8cc4ec21264c61ea580a4a1f2b17cbe2638

    • SSDEEP

      768:mcDxkgBoJ1Y932HHDW6cDWS9VJk6nxgfpp1QfiOXr/69X2Ie3STH9s:dFBoDG32HHDW6ca2yyGFOXr/U213Sba

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks