Extracted

• • Target

    Invoice 1000_711119.pdf.exe

  • Size

    806KB

  • MD5

    8a3c0b5a4d9d28bd6965e18cb36d53d2

  • SHA1

    35d1333301d0449c9ca7895f20173d7787193d3b

  • SHA256

    6fe16b374a594b460bdd5bde3282b2e845b48757650fdce9acc4823d1a4fccc9

  • SHA512

    a858d6ed006aebd6aad1b5f53b8998b8f64eab13ac7d476a80fe7a4beb10d71c33d907c6d808f9ff25f50c33606fe6ed32dbce14ab18569d36433f2cd63a51ee

  • SSDEEP

    24576:VD0tM85tbNJjldeYiYP2u0hs8Pl/ROxPcXTICiJhg:VD0tM85DJjl/iYas8N/chOEhg

  Score

  10^/10

  agentteslacollectioncredential_accessdiscoverykeyloggerpersistencespywarestealertrojanupx

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2

• • Target

    out.upx

  • Size

    631KB

  • MD5

    4cfc336a1227bee3e8faa8c9c4d4064c

  • SHA1

    89d32b1c8a4fcdbae47c7094ec8bc3892776c180

  • SHA256

    3351dd65441b3d2f5a7db8377c57715f586730b2355c8c7de5f1b910357e9605

  • SHA512

    ca3b31f4f6b3513aa33e0a8fb7fda04970ac9d81c6e36c6f58838a23908da1f4dc74e81f6fd1314255c22ca4ce3c307ca9cc305fb9c7e0e27f03625fdf14580f

  • SSDEEP

    6144:DBlzInco1bg7vxVLWnCA2h+uiSErK/3nQbjBZaK56A8iFKe4er6nF4mTDxWUaJY1:DLkcoxg7v3qnC11ErwIhh0F4qwUgUny

  Score

  1^/10
  behavioral3behavioral4