Extracted

• • Target

    SI-22311 II DOC- SIMUM2022-3000307 II New PO# 10344 CNEE_pdf.exe

  • Size

    769KB

  • MD5

    a2c15efeafd104cd9362336cff46d70b

  • SHA1

    c0855fe8f0c87bc45cee6115b5de18c107a16515

  • SHA256

    5bfd21f95d97421c13e403cf38f88d0e5c5ce875a2c89be94f44cdd0c7c5c436

  • SHA512

    b0ef9ba075de2834e57eb54fd6883da0ebd9fd983fe8e23c821e8818eab3cff3919e51692ed834dd1e06e75f922b025aac458cf9a922386160aae231e7cb1e04

  • SSDEEP

    24576:JIowXBYT808jgRtb2QHFms1a9o1c9Nnu:J86Y2xlpqo4

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojancollection

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • AgentTesla payload

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2