Extracted

• • Target

    Shippin Documents_Original BL_Invoice_Packaging List.pdf.exe

  • Size

    1014KB

  • MD5

    2e3fd6275c8a331ef93ff197ea13ed51

  • SHA1

    94aa8a3a6845822529e3c179abcf0bb8be3da2ba

  • SHA256

    c1d6dd78fed2d99fb6a9c7af0e65adee429118ec7bddbe2782cfd900003a3bce

  • SHA512

    2575e4bd75e7bf572970fd373312733b6fe6dd1bf99fbaaa70cde7044ea524f8a9ecce86bed754928a051de2f71da69b955b0b516916eb90579efe99c7d5eb23

  • SSDEEP

    24576:Tu6J33O0c+JY5UZ+XC0kGso6FaP107mvxyUWY:9u0c++OCvkGs9FaP10GCY

  Score

  10^/10

  agenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Drops startup file

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1