Extracted

Extracted

• • Target

    f004d128db0d7e80af095757c5ca81e475e4323148a5a6528e974c66a1a76eae

  • Size

    1.6MB

  • MD5

    f8773716460bbffd6ca7747301d73d78

  • SHA1

    640643fb458e5f4faa92721faeda202e2096e387

  • SHA256

    f004d128db0d7e80af095757c5ca81e475e4323148a5a6528e974c66a1a76eae

  • SHA512

    68824288a6f8c9e8857ab5c5bcc3b34d166da53e24e6591d480d9e1050af57e14c00c1c2b20f60ded76fce2a4d3cabd4b441dc194f64a726861988c4e7897d7e

  • SSDEEP

    24576:6tb20pUaCqT5TBWgNQ7aJXpGb3Lspm5Pd/pX6AXsqjnhMgeiCl7G0nehbGZpbD:nhg5tQ7aJXpGb3ImzB5rDmg27RnWGj

  Score

  10^/10

  discoveryspywarestealeragentteslaredlinexwormfozinfostealerkeyloggerpersistencerattrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Detect Xworm Payload

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2