General

  • Target

    COSU636.pdf.exe

  • Size

    721KB

  • Sample

    240517-fgxxtaaa71

  • MD5

    4fd26a9d8c021aac5b9e1bf2b31a3bfd

  • SHA1

    41ceeed2eb2c787e9421a72bea969e19781ae277

  • SHA256

    2e70696732ae7b8af81532560895685bab737a103bc399f0ab1636d5cc7b8b64

  • SHA512

    12ac56c79aab3bb93f81dec405ca1ae55194b2cad5e1f6c5c79db654f83dbf1e9074bcd6ad8c46b04bd7781b22f0e574ae830fa9f568efe2ff575255921679e1

  • SSDEEP

    12288:+J0pei36RbrkaZibuPF4pwH9LNi+C6fupO8Er+CqNg6Wr31eZkVhxjJcmXC:++pp369ktyP+m9LN/TfUusg6Wb1dVTtx

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      COSU636.pdf.exe

    • AgentTesla

      Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the payload and its drop locations are not scanned.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, particular regions).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing: a process is started suspended, the payload is written into its address space, and the main thread's context is rewritten so that execution resumes at the injected code.
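
The Defender-exclusion behaviour flagged above leaves two traces a defender can hunt on: the PowerShell script block itself (Event ID 4104 in Microsoft-Windows-PowerShell/Operational) and Defender's own configuration-change event (Event ID 5007), which records the exclusion under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions. The following detector is an added example, not part of this report or of any Triage tooling. It scans constructed log lines for Add-MpPreference/Set-MpPreference exclusion parameters, decodes -EncodedCommand payloads first so a base64-wrapped script does not slip past, and also reads the 5007 registry view. The log line layout, the 5007 message wording, and the paths and process name used as sample data are assumptions made for the example.

```python
import base64
import re

# Registry subkeys Defender writes when an exclusion is added, mapped to the
# Add-MpPreference parameter that produces them.
REG_KINDS = {"Paths": "Path", "Extensions": "Extension", "Processes": "Process"}

# One cmdlet argument: double-quoted, single-quoted, or bare (no spaces/commas).
_VALUE = r"(?:\"[^\"]*\"|'[^']*'|[^\s,]+)"
PARAM_RE = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(" + _VALUE + r"(?:\s*,\s*" + _VALUE + r")*)",
    re.IGNORECASE,
)
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# powershell.exe accepts -EncodedCommand and its abbreviations (-enc, -ec, -e).
ENC_RE = re.compile(r"-(?:EncodedCommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.IGNORECASE)
# Defender 5007 event text: "...\Exclusions\Paths\C:\foo = 0x0"
REG_RE = re.compile(
    r"Windows Defender\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x",
    re.IGNORECASE,
)


def decode_encoded_command(text):
    """Replace any -EncodedCommand payload with its UTF-16LE decoding, in place."""
    def _sub(match):
        try:
            return base64.b64decode(match.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):
            return match.group(0)  # not valid base64/UTF-16LE: leave as-is
    return ENC_RE.sub(_sub, text)


def extract_exclusions(text):
    """Return (kind, value) pairs for every Defender exclusion requested or recorded in text."""
    text = decode_encoded_command(text)
    found = []
    if CMDLET_RE.search(text):
        for kind, raw in PARAM_RE.findall(text):
            # Split comma-separated arguments without breaking quoted values.
            for value in re.findall(_VALUE, raw):
                found.append((kind.capitalize(), value.strip("'\"")))
    for subkey, value in REG_RE.findall(text):
        found.append((REG_KINDS[subkey.capitalize()], value))
    return found


def scan_logs(lines):
    """Scan '<event_id> <message>' lines; one finding per exclusion, tagged with its event ID."""
    findings = []
    for line in lines:
        event_id, _, body = line.partition(" ")
        for kind, value in extract_exclusions(body):
            findings.append({"event_id": event_id, "kind": kind, "value": value})
    return findings


def summarize(findings):
    """Collapse findings into {kind: sorted unique values} for a quick triage view."""
    out = {}
    for f in findings:
        out.setdefault(f["kind"], set()).add(f["value"])
    return {kind: sorted(values) for kind, values in out.items()}


# Constructed sample events (assumptions for this example, not from the report).
_ENCODED = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'updater.exe'".encode("utf-16le")
).decode()
SAMPLE_LOGS = [
    "4104 ScriptBlockText: Add-MpPreference -ExclusionPath 'C:\\Users\\Public', "
    "'C:\\ProgramData\\update' -ExclusionExtension .exe",
    "4104 ScriptBlockText: powershell.exe -NoP -W Hidden -enc " + _ENCODED,
    "5007 Windows Defender Antivirus Configuration has changed. Old value:  New value: "
    "HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\Paths\\C:\\Users\\Public = 0x0",
    "4104 ScriptBlockText: Get-MpPreference | Select-Object ExclusionPath",  # benign audit
]

if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding)
    print(summarize(scan_logs(SAMPLE_LOGS)))
```

Correlating the two sources matters in practice: 4104 shows intent even when the command fails (for example without admin rights), while 5007 proves the exclusion actually took effect, so a 5007 hit with no matching 4104 points at script-block logging being disabled or a non-PowerShell path (WMI, direct registry write).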

MITRE ATT&CK Enterprise v15

Tasks