General

  • Target

    New_Price_List.doc

  • Size

    22KB

  • Sample

    201109-sef2v5khsa

  • MD5

    55270b0cc9a3fda4609e29c4e1cda566

  • SHA1

    edeffab799a9ac347724e5f6a7aecaa087b452c6

  • SHA256

    86131b3185958bd9ece75c484ff8ababf6048b67f3c988d01eb3b9fd3bd1f959

  • SHA512

    2cf4b8955af2e7415bd40e6c629e4cc18797d3c410e7f741ed94952cd72bc04913f3818071efd7ee4822263802754e034dbe2a4f9d2c7f612727ffe03a4e3d58

Malware Config

  • Extracted

    Language: ps1

    Deobfuscated

    URLs (exe.dropper)

    https://bitbucket.org/cryptexxx/files/downloads/Gilbert.exe

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • AgentTesla Payload

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
