Extracted

• • Target

    Air waybill number 290132727 Physical weight 1 05 kg Seats 1.exe

  • Size

    284KB

  • MD5

    ad127f6a6e823c10e54c779e92f4ef91

  • SHA1

    26a021276b982afca759e04b62d3cb4caa4269fb

  • SHA256

    d9e7d9699b28022d1fd6b5ced9f32e3dd3210475d6a2b2ec770d331d6a910a53

  • SHA512

    8548b72670635335e8b62f699729881347931312d1843817d28a194142901eae6e29798611bfc299d4302c78aa4b99e24ed537d20d81f69e91e2b52a6843cc46

  • SSDEEP

    3072:s+LwLS2Vbqe+uZtuQ0UzDNwwh0wR2c2vGZ9pwPtV3vJPg1NXHII61gdZwgJRZ/2J:wEe+iXFBwhw0cvxwV3vaHIIiHF

  Score

  10^/10

  agentteslapurecryptercollectiondownloaderkeyloggerloaderspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect PureCrypter injector

    loader

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2