Extracted

Extracted

• • Target

    Payment_Confirmation_230721pdf.exe

  • Size

    53KB

  • MD5

    4feef1aae6a0fec7806c2c0fbbee297e

  • SHA1

    2be923d8dc05abe584621a4bff5c9178cf43777a

  • SHA256

    e03f7cbee9ba8443d200f1bcc47101185dcdc27b965b0ce9b650a0aae4c40492

  • SHA512

    44c8d14b4543909e5f1451f25330f8d7a9679d12b2eaefab2c21dd8cf1d41491d1e41b00230a4cf36b5be63ba1b9721ce8c4ee07d0f802b5c284c6c655661a31

  • SSDEEP

    768:qgyiRquYaRH/+MSlKphRUsSnDK3EaC8l2bP3SScNY8nfRqTuM+1+S:q1iRTYqNuKZUsgDK3EaqL36G8ETugS

  Score

  10^/10

  agentteslapurecryptercollectiondownloaderkeyloggerloaderpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2