Extracted

Extracted

• • Target

    Request for quote_PO-240102.exe

  • Size

    722KB

  • MD5

    ca91c42a8f1efc6763c7da3d28371f0f

  • SHA1

    f777b12bedb4606df5d06bd3c6fd5bbdf960d436

  • SHA256

    cd8c76f494fa0be5e4267c0552f32fccef575a76801d7b2f01fadc382d589118

  • SHA512

    1ac057c224101285916062d7a7f64f1ab2e37e9e4addfbf06c60d4209e20be52b2613ee15f96f05b3f440ee2f5eef4aef1f8100d6cdd9f6159ec6a99289faaee

  • SSDEEP

    12288:LTrv2iNj/SHl/T7BA2N5MGCp0OzD2GLqYQiq9VgxpvnQxXoVb/xhfIItWo:Ln1cHtnBNNyGCp3/qYQiq9VEvnQxXobV

  Score

  10^/10

  agentteslaexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2