Extracted

• • Target

    P0 n.° 1037596.exe

  • Size

    1.4MB

  • MD5

    779916ce1a42f01bfbd61d9a8590c986

  • SHA1

    1c96e7bc16c39d4d021526accda62dc356cd2425

  • SHA256

    d5ae03977dc29b4ed4736c3f045bb47a670255d47dd189a58b90485ae23417b8

  • SHA512

    f1b084835e3145de0651af493cc2c5ce8fe35bf594193001adf619155221c9101da84021f672935c382b8ad66347648e33ba7e04931c4fd43b6fc07083bfdfc9

  • SSDEEP

    24576:pCdxte/80jYLT3U1jfsWaRvFrVIDbJtWF1WeiWr6dMu6Q:Yw80cTsjkWaRTIPO7ziA66u

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2