General

  • Target

    39d31232173d9471a153150b7307193cf011bc24701f41a322c5884c5f44ed7a

  • Size

    1.4MB

  • Sample

    240910-sgsz3s1dkg

  • MD5

    819a06ea53b5d8fb5f922fa68e9c5932

  • SHA1

    2809a9fca76fdbf6b38d7bf02828e47d42e5d28b

  • SHA256

    39d31232173d9471a153150b7307193cf011bc24701f41a322c5884c5f44ed7a

  • SHA512

    2fd700a2b6faf6e49c2b23c89a40b60b644ae28c20ce3e24a22dbb250bcba8207a835c72edecb71a46682e00b85c3445fda435887ad62f54d9cea5bcdc89c3a8

  • SSDEEP

    24576:KIMo3k/DE3PCQf3arZPgaDNvZm+VJEq/p:KZDQParZPga58cJD

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.concaribe.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ro}UWgz#!38E

Targets

    • Target

      Documente de expediere 000293893.exe

    • Size

      835KB

    • MD5

      ddc7db95fccfbcfe670e1af477ed15f7

    • SHA1

      46f7aa42009718911a1da597cbee29097c089283

    • SHA256

      506c239dbfaa021d6189c70a150211f5b16c7a5fc1412beaf753b98c825e0853

    • SHA512

      c5926759a32804f2a6a79e4e843cd4c01026e5086b706f4da283a9c14bda89cec2f46ccbaa217c1590f0f28168b89f63f5671de4c5fdfb6093f941d6d3cd167a

    • SSDEEP

      24576:TIMo3k/DE3PCQf3arZPgaDNvZm+VJEq/p:TZDQParZPga58cJD

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks