Extracted

• • Target

    ORDER LIST_SEPT7FIBA00541·PDF.scr

  • Size

    2.1MB

  • MD5

    f553993c429df4169eccb3463ff291be

  • SHA1

    6204264af92d6e1d31bd806ac9be14b105db422c

  • SHA256

    c5d72b59daee806a6528a681f2aa98d4ee4a0c3b96b897e5b2e1cd591cc5d633

  • SHA512

    93676a7857daecfc5b87cc73411c042c253e0f6c1fb51fd950e5c184e0c74311e7286d92d1a79ad82681eea2f47ea04809293494a10deb38657705cf8daf3ac0

  • SSDEEP

    24576:L9dfiq2k1eAFH5Xid4ajgyMLX4g2RoH43bXc/TAvsmts31ycmuFw2+LY7:ak1FDYoHMRvsmC31yUaXL

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2