Extracted

Extracted

• • Target

    PCA9626B,118.exe

  • Size

    866KB

  • MD5

    cb9e1d1bbe47f48fc4e5160f7ad601da

  • SHA1

    1ff552e59a6d88d7600130113f88a75e4f88c8cc

  • SHA256

    77529cc504690e79a72680d72b42be8f021f5b2799fbce50bed59637dc4aa5b2

  • SHA512

    cdda2bc4607929f0a89566ac5dc0234e8140e0698a467922434724d50d76c9436ff7bfc141f2f469efeb85bbe239a487412fd059c5d44129473f70176adb8286

  • SSDEEP

    24576:uHf2Uol0ge2X7EXMuYcXrcMt/nzzGcXNyIEikE:uHfql0IL6MuYcXL/zzGcX7w

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2