General

  • Target

    16f7ed92a89c49bd047aae5d809978a6d55f1344ca39dfe4a6444cab091d48ef.7z

  • Size

    630KB

  • Sample

    240910-g2xyzs1fpc

  • MD5

    515f80901126cf39a1a88097c2d542cb

  • SHA1

    8778e37fe4459dd66e944f7574ac1fd5722c2190

  • SHA256

    16f7ed92a89c49bd047aae5d809978a6d55f1344ca39dfe4a6444cab091d48ef

  • SHA512

    349e8565d9cff76b39462d55ea189a5428fbe89559996629bcd8a259c6cd88f929283cd67c194375d7e7762599376c378ab78393fca65774c042e9260edb1153

  • SSDEEP

    12288:ym6sUS1lQWYvaKXbGiQie8a8VFIZN6WryIuNfQSZmoS8RXoXM:ymlxi3QixdFIZNA3ZPFRoXM

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Veyhl new order - PO 351081.exe

    • Size

      859KB

    • MD5

      61136861ddae7d53a0165c710bab05fe

    • SHA1

      3e001e090821562908369a797feb14da17199747

    • SHA256

      8ccca04fe86f770d8057a7209a6d31da8df7bace6f4a3d8e04d5bbfefc2661f3

    • SHA512

      0ecb011c573972f3ceef4ed12413f4f207094fb9d36daac3a727783058f7401946e678809f4ed436b8b54d0adec46f28c83df90a55bf588228d5e87769a67c23

    • SSDEEP

      12288:qZ9sUz1S6QUxvBKXbGiQOp8j8VQaZrWOreSuNe9PE4Xbm9i72lGP7r9r/+pppppL:AVdeQO2CQaZrA5EdE4rmkEG1q

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks