Extracted

Extracted

• • Target

    PAYMENT_.EXE

  • Size

    467KB

  • MD5

    d2a853f4673bcc9b9b2d17989cb3ba53

  • SHA1

    cee8b196927b10efef3d4efd36a0570f861a0ee0

  • SHA256

    c340fad2083b06131ba9375a8a9a90a71a7b5d9d6153a4c50ab4df210709af7e

  • SHA512

    86bc93532b0ce626548d928b7fd0643e6a428243abf5398528a375302592753ecaeb3c2ed2e01180a79dc2180bc35b5903a02a994211241849b2da3fb888be62

  Score

  10^/10

  agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • AgentTesla Payload

  • CoreCCC Packer

    Detects CoreCCC packer used to load .NET malware.

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2