General

  • Target

    0372YT591445-22 -33,000-EUR-SWIFT MESAJI.pdf.exe

  • Size

    1.0MB

  • Sample

    221027-nwskmscaa8

  • MD5

    7d1ce33dd0b35916568574bc74bdd9ec

  • SHA1

    ae301f0385186c4b471c5fdb81ba867fabcb4005

  • SHA256

    dea123120680cd1e4b53ed10ad4b6be99792c0d2847652edc4f7bb5e0eaa3c7b

  • SHA512

    039da908c27be7c199134b69a60d081e3b94e85d6b6130e9605efb87978c63c81ccd9982f0d235aefe571f44faff7dc0e42a2359d06841e7252b072c89f368a1

  • SSDEEP

    12288:k0uI/f2CWjxdgKhkR/3z3q018CcGc44OmTv/mytaS10/9YR4bJ8dFY4Hs:1Xu/dgnR/iCQO6F8adu4M

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5409839916:AAEYUYZy0IhJQAm4VXi620si4okGW8FDL2w/

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks