General

  • Target

    CO-MFE-6-2020.xlsm

  • Size

    173KB

  • Sample

    200710-8mks6ncp26

  • MD5

    84ba27c4b3083be263a54322adec3149

  • SHA1

    2548d9097c1b27f064a7089afe393fde0fbfa64d

  • SHA256

    fbe5f71e75c1b92c68a6da3698f42a2ca2f9fcc6f620f494c562583c194b2011

  • SHA512

    1553f2c39b55a83161326b232b507d3cf957f633462ccd6bf19b9f6890ded4d70c7c0459347f88cf45c0c846e54672a393914b6f66778748b351e397743a914e

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    http://shopcart.indbytes.com/cig/4501307788.jpg

Targets

    • Target

      CO-MFE-6-2020.xlsm

    • Size

      173KB

    • MD5

      84ba27c4b3083be263a54322adec3149

    • SHA1

      2548d9097c1b27f064a7089afe393fde0fbfa64d

    • SHA256

      fbe5f71e75c1b92c68a6da3698f42a2ca2f9fcc6f620f494c562583c194b2011

    • SHA512

      1553f2c39b55a83161326b232b507d3cf957f633462ccd6bf19b9f6890ded4d70c7c0459347f88cf45c0c846e54672a393914b6f66778748b351e397743a914e

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Drops startup file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks