Extracted

Extracted

• • Target

    price request .exe

  • Size

    522KB

  • MD5

    e982efe6f8a7f422bc6c6d990b86f43d

  • SHA1

    430dbd8e9b6457c2866b5b8341826a09596afa21

  • SHA256

    fa1263a8e9dea6c3fa9dce2ca23f8f235f8821446eb5089574c706c37db54442

  • SHA512

    b99670ad2e7922b53ac44ffc60b6627eb0bf5faffdf78b898d21f44c30114f62edee717a2f9085dc3c2cc0bff3def579063ef482418b7f502b2494730707be1b

  • SSDEEP

    12288:ZaWwYqkpp8KKQCr2j/xdsnKODz9xyGamW1MMv:oWDx5fj/xqn9x/amAMe

  Score

  10^/10

  agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2