Extracted

• • Target

    4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca.exe

  • Size

    1.0MB

  • MD5

    52ace262c8e6acdb7d63f959ee499772

  • SHA1

    76760b1c4e049c1ee6d7a2c5723d929bf013519d

  • SHA256

    4fb5281d2ac2e31416f64aa0ddcece35ac2ebea9fbe503dfdc8036a1289403ca

  • SHA512

    edf885bc1c52ded6a9d75d501d78a3240398fa093eada3b0441bc55d36e24a509057e1e6b78c3181a0e89caaa190ce6f934d287ea4933ff5b0b232afe77a725b

  • SSDEEP

    24576:Z4lavt0LkLL9IMixoEgeaU77jfpmBrEOwq9MmCS:okwkn9IMHeaUb4BrEDaPCS

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2