Extracted

• • Target

    aa5e1b14dec14bf94e44c6b74ed3b2e97a52a607589bcb385dfa5c4aefa20c96.exe

  • Size

    706KB

  • MD5

    6374e8854e99b03c91f3eabec0327631

  • SHA1

    5bddc6e6aa06c5c7527200f46fbcb4051b0080fc

  • SHA256

    aa5e1b14dec14bf94e44c6b74ed3b2e97a52a607589bcb385dfa5c4aefa20c96

  • SHA512

    99790ea8a469125600e990c175f8255ab4a26fa6f52a27cced0b325cada4948631b22b10ca50cbf998ad0fbb7d185fa8af3c48b87126bba15f3e52682cf32b20

  • SSDEEP

    12288:YvDJMGRn+cqPnbCHp5T6/b4b/n1yNFwP0nRU9:UDV8cq2HphQbsaeP0W9

  Score

  10^/10

  agentteslacredential_accessdiscoveryexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2