Extracted

• • Target

    PO_2108893 2024-09-04.Pdf.exe

  • Size

    1.0MB

  • MD5

    131a418c0dfc4e6d965ceefb07baa68e

  • SHA1

    c02328672ae4e3ad76f319eb897e0ee3001e4f13

  • SHA256

    40f3cd36c025b7255edff0da2f2a11bba1651f7fe94011c4d314370b1bf54092

  • SHA512

    23589cc3d428be2b9c1bf3fb0e1a351fcf3254fb1d59b7473b53414ca2f1c18265c3709ab58fac737fdc2496892b5a958329419fb6d1e9913b4c7fbba6ccfb69

  • SSDEEP

    24576:RAHnh+eWsN3skA4RV1Hom2KXMmHa3jhMlTr5:oh+ZkldoPK8Ya3jUB

  Score

  10^/10

  agentteslacredential_accessdiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2