Extracted

Extracted

Extracted

• • Target

    cda24af9dd1ec0ac52f40309cfd28d6f2e8501aef32d3ca56147dfe03d89ad05.exe

  • Size

    1.0MB

  • MD5

    2b8fb3b2999f272966cf30453b8936d5

  • SHA1

    45d9092e3d14c0b322254f01d7e38690deeda948

  • SHA256

    cda24af9dd1ec0ac52f40309cfd28d6f2e8501aef32d3ca56147dfe03d89ad05

  • SHA512

    825f09277fb53aac9bc4f791d5d7ec5e3a0aa49bd9ac1f4cfb1437a052236cfb487bf1ce983f9d81829682e43a765e1894613021d1240153c72262db2df68e84

  • SSDEEP

    24576:kfVcF1PYAVoKm+q/xIzLzzjXeBBHMIkJHe0zRV:ZNYdx+FWhMJJHeEV

  Score

  10^/10

  agentteslaredlinesectopratcheatcollectiondiscoveryinfostealerkeyloggerratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • Sectoprat family

    sectoprat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2