Extracted

• • Target

    Shipment Notice.exe

  • Size

    471KB

  • MD5

    5246dcb8944246a4d922e39647ba6e34

  • SHA1

    51c412f7294013b83137ed5773652b80cb88c9d5

  • SHA256

    2c96b6799b4a15f6cd01ae6aabae3181b13d128b7b085854c77ee71253139040

  • SHA512

    7627724250c7ee7f0a1363bd467eaa291bd1909da5534935761f4c7cc5d0a1b1e961b1bcee0fe0199b3bbc99bd063cfd5e29206c65f4e8fe60d9adb6d5e26ca0

  Score

  10^/10

  agentteslacollectioncoreentitykeyloggerrezer0spywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • CoreEntity .NET Packer

    A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

    coreentity

  • AgentTesla Payload

  • ReZer0 packer

    Detects ReZer0, a packer with multiple versions used in various campaigns.

    rezer0

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2