General

  • Target

    b9387c23e5950e4c67682201a65b84d96885d064e2ce33739f3d28c85d2951c0

  • Size

    122KB

  • Sample

    240607-ca9q9aff9x

  • MD5

    266cbd11fdda68f7215aaeb052e169ac

  • SHA1

    812c3fde1ff03d22027446b007340636e3c7a69e

  • SHA256

    b9387c23e5950e4c67682201a65b84d96885d064e2ce33739f3d28c85d2951c0

  • SHA512

    5a7aefbefbd02cf23df3e75ba9509b1fd4338cfb1d4005eea33814d4c040c2d47f209f8ac62984b6caca25b072cc585186a5e7d0f7aea4aec96626cb401f4ade

  • SSDEEP

    768:bc4oDM5f8E9w7GK2BRJJEFFnLe741io4HsnkjMyOOdBy+GzoHC5FegzLJzHXlyvs:oS86BRsFFLeM1io4sqMIZ4Fes1zH0W

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      BL COPY CARGO BOOK VOY PD1324 SLD PIRAEUS 060624 _pdf .scr

    • Size

      60KB

    • MD5

      21f3007162806efd885b59c2265e5ea2

    • SHA1

      c8a82785710f1619be0c91a5c1aff8db270b0167

    • SHA256

      61e4823faa69b7e5acc99c7622c92da66cfb195bf65678ee3bf3a8265e635616

    • SHA512

      bdb0896226adfaf0546bb5e06af85d20f06043cfd65e69bc6dc60c2873ea3f17d09478da8e8e43cc9df60a3d1ad5c6b466345d6aebbc184b8dd08d406610d746

    • SSDEEP

      768:I4oDM5f8E9w7GK2BRJJEFFnLe741io4HsnkjMyOOdBy+GzoHC5FegzLJzHXlyvTY:IS86BRsFFLeM1io4sqMIZ4Fes1zH0W

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • PureLog Stealer

      PureLog Stealer is an infostealer written in C#.

    • PureLog Stealer payload

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, which infostealers often target.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks