Extracted

• • Target

    COMANDA FINALAZD33166-pdf.exe

  • Size

    699KB

  • MD5

    9444e71802e12684478363233fd62c92

  • SHA1

    f2b4bd9162b591b2a2f4202934145864e16053fb

  • SHA256

    844d1e148e8c3b897bb0443f74b1bde3da7715e2aeb88d31c8c806da7e447b41

  • SHA512

    fec573d2b453086f2ed0b8b11824e4626fb3712134a707f100b9b2704c489fffc1259646979b0c7ebeb032421163b35beed13d2772ac02a7dd08bf7723821805

  • SSDEEP

    12288:WwFGHEXEzFGj9F5qx5DJlm2HlzYmdMylgimtdYM3O0V7bbJ:W5HEXl9y1lrz7lgZtub0V7B

  Score

  10^/10

  agentteslaguloaderdownloaderkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader

  • Drops file in System32 directory

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2