Extracted

Extracted

• • Target

    Scan_20231130_085902_pdf .exe

  • Size

    827KB

  • MD5

    5388a9eda1698bab204e57054a0df83e

  • SHA1

    9319e5125e5274a4cd75b2e239f7167da01c9a9e

  • SHA256

    ecfe6f56c220473c0f1730960e907f103e893c3778155d3f675ebbce4621b61a

  • SHA512

    a89586e40461d913a6bad7e3499dc7c441d9db465bb331c458e02884d24ee862234398de8006bbe374e766ba0d96d970ff467c6a1bc1b8bee933547c543f2bb4

  • SSDEEP

    12288:wg0SHdr/2DzVbI421wLFtA+yG0+G3Lc1N9FLRlwR:fX92zlIx1WtArG0CRF

  Score

  10^/10

  agentteslapurelogskeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect PureLogs payload

  • PureLogs

    PureLogs is an infostealer written in C#.

    stealerpurelogs

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2