General

  • Target

    PO 00009876660887666000.bat

  • Size

    756KB

  • Sample

    240924-kt7d8syapn

  • MD5

    a17e477f9d45342182f01cac527c0c1f

  • SHA1

    403e5d7d981f01b967e36dd98e06e70c9d7acf0c

  • SHA256

    783b5b92ea44666e1521eed1d7688f1bdf9044e83ac39258f9905397f52677dd

  • SHA512

    d3d8d4cf712a175ca0d61b44cab482d49166c15228c04c5c1da0984f80c40a9f848a2407f8696a660d6567ee1ee7468bbd95b1876f891be68a5028a2477c849a

  • SSDEEP

    12288:52SLJDgeOPVpmYLlKmxvIv2NeXLoSIlAz44XsZZqStdNx57YDXmpcD:5hLJwrmSsmqv2Ne7oSZMX7jftYD2uD

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.concaribe.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    ro}UWgz#!38E

Targets

    • Target

      PO 00009876660887666000.bat

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader, Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks