General

  • Target

    7a41b429cdfed8b9ce653df8ce0725ca85be3bf676ce491e5b83a26608d31239.exe

  • Size

    189KB

  • Sample

    240919-rcmrtssble

  • MD5

    229e57056d416ef5caed455fea10e874

  • SHA1

    2acb0d2a85363538dda7c7a7e754c6e427d258da

  • SHA256

    7a41b429cdfed8b9ce653df8ce0725ca85be3bf676ce491e5b83a26608d31239

  • SHA512

    8ef9148de047b1c14e1e22a237db7ae53bdacdd4fe013791d17c2a758999c7aef1ff4a32d110bc22be65a5004fc2d325e5c9c47cb30eff391f0108b1f562e98c

  • SSDEEP

    1536:sCo7isr/aczjiTAY1c9wqvnAv77vvvvv7vvvvvvv7vvvvv64+mhhhm+DtqOg9:sd+sryczjiZ+9wqY+mhhhmitqOG

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks