General

  • Target

    Swift_copy.pdf.exe

  • Size

    777KB

  • Sample

    231012-e12jnsgg54

  • MD5

    8a559554176d6e2cbb12389098eb6825

  • SHA1

    be1bd0f78973e68fa32dc0c28f32ffdc20043538

  • SHA256

    dadca1f5e784742f6e72c59228f1887dfd5c7977c28b1198164e146fdff84555

  • SHA512

    bd18983a37bb1951305bcc17e49258aa1e9ed3374980738dc8ca8fe06496a97d1f67cc131dee2d9b7bc289bafca8049c65974c57ae22a27442f24c3e3452f5d3

  • SSDEEP

    12288:difdMNs6iHUz0THMMS+Mvj9aktRdx0a867A8/13lW3a2tRmwkHOi2s9s5Wgvxwrd:4FMNsCUrstRdxm8/1I3a2OWfWZ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Swift_copy.pdf.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic.

    • Checks computer location settings

      Looks up the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), likely used as a geofence to avoid running in certain regions.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile keys under HKCU\Software\Microsoft\Office, where account settings and stored mail credentials are kept.

    • Adds Run key to start application

      Writes a value under the CurrentVersion\Run key so the payload is relaunched at logon (persistence).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is characteristic of process hollowing: the unpacked payload is written into a suspended, legitimate process and that process's entry point is redirected to it.
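The following is an added example, not part of the Triage report and not AgentTesla's or Triage's own code. It matches the file hashes listed above and scores sandbox-style events against the five behavioural signatures. The event schema, the helper names, the ATT&CK technique mapping, the list of IP-lookup hosts and the sample events are all this example's own assumptions; the sample events are constructed, not taken from the report.

```python
"""Hash matching and behavioural triage for the AgentTesla signatures above.

Added example: the event schema (reg_read / reg_write / dns / api dicts), the
rule-to-ATT&CK mapping and the sample events are assumptions made here, not
Triage's format or output.
"""
import re

# File hashes as listed in the report (identify this sample, not the family).
IOC_HASHES = {
    "md5": "8a559554176d6e2cbb12389098eb6825",
    "sha1": "be1bd0f78973e68fa32dc0c28f32ffdc20043538",
    "sha256": "dadca1f5e784742f6e72c59228f1887dfd5c7977c28b1198164e146fdff84555",
}

# Hosts commonly used for "what is my IP" lookups (assumed list; extend as needed).
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


def _reg(ev, kind, pattern):
    """True if ev is a registry event of the given kind whose path matches pattern."""
    return ev["type"] == kind and re.search(pattern, ev["path"], re.I) is not None


# Signature name as in the report -> (assumed ATT&CK technique, predicate over one event).
RULES = {
    "Checks computer location settings": (
        "T1614", lambda e: _reg(e, "reg_read", r"\\Control Panel\\International\\Geo\\Nation$")),
    "Accesses Microsoft Outlook profiles": (
        "T1555", lambda e: _reg(e, "reg_read", r"\\Software\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\")),
    "Adds Run key to start application": (
        "T1547.001", lambda e: _reg(e, "reg_write", r"\\CurrentVersion\\Run(Once)?\\")),
    "Looks up external IP address via web service": (
        "T1016", lambda e: e["type"] == "dns" and e["name"].lower() in IP_LOOKUP_HOSTS),
    # SetThreadContext on a thread of *another* process is the hollowing indicator;
    # same-process use is common in debuggers and runtimes and is ignored here.
    "Suspicious use of SetThreadContext": (
        "T1055", lambda e: e["type"] == "api" and e["name"] == "SetThreadContext"
        and e.get("target_pid") != e.get("pid")),
}


def matches_sample(hashes):
    """True if any supplied digest (keyed md5/sha1/sha256) equals one from the report."""
    return any(hashes.get(k, "").lower() == v for k, v in IOC_HASHES.items())


def detect(events):
    """Return {signature: technique} for every rule hit by at least one event."""
    hits = {}
    for name, (technique, match) in RULES.items():
        if any(match(e) for e in events):
            hits[name] = technique
    return hits


# Constructed events mimicking what the sample's behaviour would look like (not real telemetry).
SAMPLE_EVENTS = [
    {"type": "reg_read", "pid": 4210, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_read", "pid": 4210,
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\Accounts"},
    {"type": "reg_write", "pid": 4210,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Swift_copy",
     "data": r"C:\Users\victim\AppData\Roaming\Swift_copy.exe"},
    {"type": "dns", "pid": 4210, "name": "api.ipify.org"},
    {"type": "api", "pid": 4210, "name": "SetThreadContext", "target_pid": 4388},
    {"type": "dns", "pid": 4210, "name": "example.com"},  # benign noise, should not fire
]

if __name__ == "__main__":
    print("hash match:", matches_sample({"sha256": IOC_HASHES["sha256"]}))
    for sig, tid in sorted(detect(SAMPLE_EVENTS).items()):
        print(f"{tid:10} {sig}")
```

The hash check only catches this exact build; the behavioural rules are what carry over to repacked AgentTesla samples, so they are the ones worth wiring into real telemetry once the event fields are mapped to your sensor's schema.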

MITRE ATT&CK Enterprise v15

Tasks