Extracted

• • Target

    Documenti di spedizione.exe

  • Size

    617KB

  • MD5

    79cb40033e328f61fe68bd76dd67a7b3

  • SHA1

    a68854ec2481fc2f874e2180dabb155e65c6fbd4

  • SHA256

    255ddfdf1409d89110925cfa93ba323d1a68b6c0916764169eeea521867816a6

  • SHA512

    7ef13f9f7e75c865a7c8140b9c615687e04cc1e46076de75a963952dff2d000576481854dce0e98cde8db9ee9c12f43cd8def9634fc7b00b09a0b95b6ca6e3cb

  • SSDEEP

    12288:MDG0VKZA6BbbHyqrSXA8xvJMUzPvRQIBD7f/KYC+c8cIti62JB8PoZSBm:QKeybHyYSh1CefD7nxFTcIM62H87Bm

  Score

  10^/10

  discoveryexecutionagentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Suspicious use of NtCreateThreadExHideFromDebugger

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2