Extracted

• • Target

    Proforma Invoice.xlsx

  • Size

    172KB

  • MD5

    95e19466dba964821434b337d9c4623a

  • SHA1

    813808c45b1733728bd1f8a7547bf39bb7a3637b

  • SHA256

    37ce0c89e3dcc1f432d69facdcd0abfbacbba1e2810cefa37d7944e91a2d6954

  • SHA512

    101c7c00cc30cdee32db1bce721cef981a48c622601a01f09570e9dcf0777ff5cc08047e31281635adb045fd4366cbf7daf6fc5e919c6d02aaa8ac362d3d271a

  • SSDEEP

    3072:8dyqdgB44y6C/coHz39mV6DM7DKPbrgNx8vTORZHghmOMxzsK:pLBBy64fmVIuKjvkZHBtzj

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2