Extracted

• • Target

    aplicação de cotação.exe

  • Size

    584KB

  • MD5

    0c39690ccaf6423656511f70f786f69b

  • SHA1

    a18ca5f0aceadb3d439d503dd4e7a3da5ae27e4f

  • SHA256

    7b0781645e52ad2c61df1c8b67d9d5748666f5d2f2664432bb506b4da0436637

  • SHA512

    e582516605f628ec4ef1be65470249a27428f4ed2c8e687c896610f12dacb02fc1ff395f14af7cb45480a4ff16ed5ed532cd65065ceac3c6b048829f1d5b20f9

  • SSDEEP

    12288:8YV6MorX7qzuC3QHO9FQVHPF51jgctJhSCx4ye5nEhrXqQwngIDHPI:bBXu9HGaVH8Cle5EhWQmgoPI

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2