Extracted

• • Target

    Sea Shipment INV - Final .20230705001pdf.exe

  • Size

    632KB

  • MD5

    03a8e7e02b995c25b3959520452c8747

  • SHA1

    db62184f0a75f088a1ec8f7d921e325263517549

  • SHA256

    8870531d4e128acc53f46c599578c3b3b6ae82712bfe4a7c008332b4394cb331

  • SHA512

    3251d55808cc937198e282aa1111335c0fe810a51a096c8ef647d93f3e5e3895c6e025c2b89da1d781d48d91e95474db2a3ba32b7d503c465f160fa636850f69

  • SSDEEP

    12288:msC5vmAY2kcdbL4EfVAH6l4EJ5jouFO4BjddN+IZ8kcuc0G9M9RseaK4sQIkEOVY:msbN6GEfV3l4EJ5jq4dddNuNuRGi9uen

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2