General

  • Target

    rBrancheforeningers123.exe

  • Size

    377KB

  • Sample

    230321-p9r2pscd4v

  • MD5

    f63809d17e11d6e0d719d44a2ef45ca0

  • SHA1

    58a52ad6005886660cf54c7abbc21b7b31371894

  • SHA256

    d209b6fe66d2f2c856a3f56d6386a1963381a681c2cde6367840a24d717427e5

  • SHA512

    c18204e5fb2e13665e76f42c105cbaeffbfe10d54e59ec90a3c416d76f192d54b80a05d35d973f3afa15f4c43f1b7d82587f0134d992630548caf70d5328cc1b

  • SSDEEP

    6144:sspNjlsvCnvxZGVGGMrYfXcHQJsOjGXve0i489/8zvZKcrAc2uxMK7S+2vhv+k12:scBwJsON+zHrAzfK4hGko9HJSU

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Checks QEMU agent file

      Checks presence of QEMU agent, possibly to detect virtualization.

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
