General

  • Target

    b8f925e583f322b25392ce1adb1387982f3263ea03e7b4ad82b707a5f11bab58.unknown

  • Size

    1.2MB

  • Sample

    240918-k4fdhatcrp

  • MD5

    b23abea70018d197f10624a4a5560e9c

  • SHA1

    2438cedbad4e3bfb911622f23d3cf35a110b534e

  • SHA256

    b8f925e583f322b25392ce1adb1387982f3263ea03e7b4ad82b707a5f11bab58

  • SHA512

    2a79c9b77982849c22f1ba8074f2a8863cbe3b3f707710e10c1ebf7acd7a2130948d10735eb16ac8f8dfea9d2e6cc03efac7792876a933a9f581c0a335f8220e

  • SSDEEP

    24576:bXeFb3EAteIOxMrIBYyOyvLDShiRVmqjWJG4hchn8oVT:LeBjD07y+XSRq2Gcchn8aT

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.concaribe.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ro}UWgz#!38E

Targets

    • Target

      b8f925e583f322b25392ce1adb1387982f3263ea03e7b4ad82b707a5f11bab58.unknown (size and hashes identical to the General section above)

    Score
    3/10
    • Target

      out.iso

    • Size

      1.2MB

    • MD5

      b23abea70018d197f10624a4a5560e9c

    • SHA1

      2438cedbad4e3bfb911622f23d3cf35a110b534e

    • SHA256

      b8f925e583f322b25392ce1adb1387982f3263ea03e7b4ad82b707a5f11bab58

    • SHA512

      2a79c9b77982849c22f1ba8074f2a8863cbe3b3f707710e10c1ebf7acd7a2130948d10735eb16ac8f8dfea9d2e6cc03efac7792876a933a9f581c0a335f8220e

    • SSDEEP

      24576:bXeFb3EAteIOxMrIBYyOyvLDShiRVmqjWJG4hchn8oVT:LeBjD07y+XSRq2Gcchn8aT

    Score
    1/10
    • Target

      Documenti di spedizione 000199938848500.bat

    • Size

      750KB

    • MD5

      da0ad3ac997248eaefe828016651935d

    • SHA1

      49f484f1444662748a175dc4ae48a619f3b5a3ff

    • SHA256

      3effce4cfbbd66cc9ca38c09f3b10f436440f8b6b62cf1a0e419e80cfdb284b0

    • SHA512

      d11e9483c816cad9dde58f0b45ebbc4988d3e4d67a25cd8b76d5ea20cc01341db5c3ed35352f12c8b901a5b1ff982fb1c75696b2c20f11ef59e3bac811297a7a

    • SSDEEP

      12288:0XZEFyI7bEAbmYea7O60iKtUrIBOnyGI8E5QwLDSe0CeD43JZHVDwrG8qjWKsG4J:0XeFb3EAteIOxMrIBYyOyvLDShiRVmqm

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      7KB

    • MD5

      11092c1d3fbb449a60695c44f9f3d183

    • SHA1

      b89d614755f2e943df4d510d87a7fc1a3bcf5a33

    • SHA256

      2cd3a2d4053954db1196e2526545c36dfc138c6de9b81f6264632f3132843c77

    • SHA512

      c182e0a1f0044b67b4b9fb66cef9c4955629f6811d98bbffa99225b03c43c33b1e85cacabb39f2c45ead81cd85e98b201d5f9da4ee0038423b1ad947270c134a

    • SSDEEP

      96:JgzdzBzMDhOZZDbXf5GsWvSv1ckne94SDbYkvML1HT1fUNQaSGYuHIDQ:JDQHDb2vSuOc41ZfUNQZGdHA

    Score
    3/10
    • Target

      $PROGRAMFILES/staalarbejders/Citronsafter.txt

    • Size

      495B

    • MD5

      f8ec5da9a203c16b574a1e297e855b30

    • SHA1

      ece40cc31cec21ddc61ff8082a69462afb4645fb

    • SHA256

      23e4fb5cfb24962672e8d831ca83740a1f63a45376272ff6b551f6cab9f3d17b

    • SHA512

      9d1c28f200b4a5e6a45176cc89eff0a9b6e95f096193d5f88e9e43a6417511cfdccd70c76141d5031cb3d7508061959c8f4ca0c20f09e0973bd6b5592f15750a

    Score
    1/10
    • Target

      $PROGRAMFILES/staalarbejders/Evalueringsrutines.fol

    • Size

      420KB

    • MD5

      2fbcd583334544f0dccd7fc03a2ae5f1

    • SHA1

      2c9d12078bcc5a6c9ccfcaafa5965479dc7004d1

    • SHA256

      b9dcbe5fc57990181fbdef92cfdced9cab5b4f31dbf52baa46118d0328518ee4

    • SHA512

      65547391709858eacee7c0bf542bf31f3680eb0aa0c67dfe7fb59e01b1d2be2be5c3adc81611107e039101c02d266bc986d407d2b4fc8d172dabe00b3361a1a1

    • SSDEEP

      1536:MTZegg2cDdDNNkJkl+bM4fKHqYcAl4MFhqSe:0f+qHAldY

    Score
    3/10
    • Target

      $PROGRAMFILES/staalarbejders/Hydropterideae.Ele

    • Size

      337KB

    • MD5

      a0cc8cc9642e871057a0ecd977983733

    • SHA1

      67aab0c259b067f9f1fa676cecb0c941197d17c2

    • SHA256

      bdbba5b13a626d0aed41c628fcf7926af40430ccec5d03e03f498b1687b4e3d8

    • SHA512

      4f4992c5aaa200b34663d12c0514b6f8644769fba8579d0098762073de11d7d41e196252c5ba202895c0709b82b422edd31aeb79f06a3ca57aa283624f33ec09

    • SSDEEP

      6144:EKKIISNF3vkPa29G4Z3sJYqpUNYIkrYjXZSzLdqsLO97v17F:CIFvkPa293FcYG3RsXZqLo19L1B

    Score
    3/10
    • Target

      $PROGRAMFILES/staalarbejders/Telefonbger.Knu

    • Size

      52KB

    • MD5

      5044e84bc1ae30a8ab16fc6211ceb5ff

    • SHA1

      0668bfbb7c58a9b787ab2a1e174d99db070dcd7a

    • SHA256

      a5e07e1ed61b4a6b6378610f6c8c5a46c61f713d1bb041aeba18ee044056b5a6

    • SHA512

      2a757b88c4794712db072966366b1122fe19317a20986f543b14fb5fcc956faa83e5079f71057a2cf7a591abd1897799e0d90b5bab21be5f28878607596e164e

    • SSDEEP

      1536:YCuvtDh6dKLvRFfRW65RfIPZ9on8MPbqpR:YCuNh6GvXJlQXAqpR

    Score
    3/10
    • Target

      Forskelsstempledes/Helgener.und

    • Size

      363KB

    • MD5

      c981024466ec1f03f9aa40bd2f824480

    • SHA1

      f8fb4002a323da2bbc1f9ec6c2f9e6e52287a2c3

    • SHA256

      6b6df2d4b61339f3da18ef5ae83885cffc36964e02c6a6485aa9a0f8f9b765d5

    • SHA512

      e411b967e95f051eadda245a6a691410f425c53f172cd80183101f680338839e928a6d523204bf4ad78b3a380b5962d1ad9e8f3ab17c88f5689dd505f2250ff8

    • SSDEEP

      1536:e6mQxZtRENoc0AN8QQEPx9anYFzmrntZZ:e0tRENoc0CbpkYAz3

    Score
    3/10
    • Target

      Forskelsstempledes/blodserumernes.all

    • Size

      292KB

    • MD5

      665b4d6f4706045b9fc69d5e62fb69a3

    • SHA1

      3b6f17902d0e6d0941783e64d5763d9243ab7db2

    • SHA256

      6737d246089f9facc7b971a6a4c00148a6ea8214fb7ae3ce83c5c4b50ac58bdd

    • SHA512

      ab2a5dbc6e893f9337d402d35f9c8e925d103bd8cfc264c648f07404b573cb0bdf0f7a499626750aeffbfd8323f2be22e7cd9b64f6c13ee79ee63d706fcce7b9

    • SSDEEP

      768:smqD6PGVhuSU2yy5im+IUp0BBahEJFWIcBEZDCHk6pv+nW+r9XKDQcW0LkunUDk+:YNX7+w4pUemfUR

    Score
    3/10
    • Target

      Forskelsstempledes/echapppqr.soc

    • Size

      413KB

    • MD5

      908e45061369322986aa9151c3ca36ba

    • SHA1

      41d4ae7914e398b7773e5dcbffeba95a49bb2b48

    • SHA256

      8a5e507fe49107b59a9209316705b89f73114622e034199e6b4c583e4f8b7aa6

    • SHA512

      3a29ffeadf1b4c1cd961abe5db67a9c1f639b0ccc103103c3225729a5dab9c75608f9ce3d9f3a4dd4c77daa2b9275e7b1e7ea3dba08eb19dfc51accbc1b0946c

    • SSDEEP

      1536:wMsyqeOEb4fdJuwpjxb0w5OSRizsqntHsbeh:ivZhxbF5itHsah

    Score
    3/10
    • Target

      Forskelsstempledes/primaterne.bal

    • Size

      210KB

    • MD5

      4dfbb2735095e469334f2bb752c97b92

    • SHA1

      2aa2b420850beb79d50473f48bbc73c529d116ed

    • SHA256

      c390ab2776a0e32c28be6343032abafa8ebded9be4fb718c4dbf10cc6c490322

    • SHA512

      7c56514a242ec54fb5adb96d4085601426b38b9131e63ab866e21e9e9df16bca855ae317a17fc8df064854f47fd2e8d343c25f9c3adf3923844a96b4d957eaca

    • SSDEEP

      768:jVwgfuB4aFRsNFBhpNBReXfqXR6B4ScaMrFXE1vMrLt+NCXrdM+R33TG2zEfGKg2:j9/LZxXIiYD0xC

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks