Extracted

• • Target

    OA USD 135,900,88 pdf.exe

  • Size

    636KB

  • MD5

    0e1282c087e1abdbae10d7497cf9579c

  • SHA1

    4dd56ae905050e061f557a34c1fdb68d19202412

  • SHA256

    ee62838a0de9611ef4a274e1c876605aca8a9548fe14664ab50802aec93bef3a

  • SHA512

    6aa9d730f8a4954b5259f0c2b5604e9ddfb7e5a6ac7356af97bd6bf72531a263b04e43388bcfa1e3205e92212274f70d86ccf0a0e546d71f3ad3738cba262a5e

  • SSDEEP

    12288:kBgOWP6iZHiFRW3mIBpN9NbjCgtfZRCawRL7Fi54bf4ZgHh1Y:kCp3mwH9Nblfy3NG40gP

  Score

  10^/10

  agentteslazgratkeyloggerpersistenceratspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect ZGRat V1

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2