General

  • Target

    29112024_0556_28112024_DATASHEET.pdf.iso

  • Size

    874KB

  • Sample

    241129-gm684svmbk

  • MD5

    e594513187cd25454fc8794982bf44fc

  • SHA1

    f2d3c036ef5219a052262b6b83252eb1bcc46080

  • SHA256

    4b03d49072fda90224ebe6dda7c4e1f56c1b03385663f37d69fcb517ea260aea

  • SHA512

    f128a84c317da0916ea9a2935023b85117660c568b78ba280ec69b199fd67eb9cd7cb07775e7c134f5e5bf2119cfd97b4a732d8d3a1814de67d26ce4abe66dd6

  • SSDEEP

    24576:wl1zGUxjsHnpd/nLkB0c0NmrjZU/+LKypMJJd:wPLiz/LFd0UmLdpMJJ

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      DATASHEET.pdf.exe

    • Size

      812KB

    • MD5

      ca87fec7058336ee181a72b358fe73eb

    • SHA1

      b60594db58b85f139fe81c09e66157f4589143e0

    • SHA256

      42c1b181d44bcf77ae24d90ded8dc3a319a1646e5d7e93fc6cfc4d25ae685f83

    • SHA512

      b4c2cf61cfea57fccacaa540d070f8cd62e61b66380615fd8ffebbea92fa03f94f09a0ddb7f58f8e821c08b2416726d8df005445324498a35461168b5f51bd55

    • SSDEEP

      24576:tl1zGUxjsHnpd/nLkB0c0NmrjZU/+LKypMJJd:tPLiz/LFd0UmLdpMJJ

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks