General

  • Target

    Bank Slip & Payment Voucher.doc

  • Size

    13KB

  • Sample

    221101-x5hapsfcdj

  • MD5

    d0a416b0a75f04913ad613c8a09610e8

  • SHA1

    470b8cd5facfd77a5728b2720a6fa9249e046ac2

  • SHA256

    0ad39ce3358ed09ef8973226c129a23c61c1de1dcb79d92d006dddd42ed59142

  • SHA512

    dbc7cf0dec290891d631302008f155af5880fbb1d958acf6432f4c980395880e3572b09392ef5939e928dc19a56ba3bf51928660cf186fc4efe50375f1f93218

  • SSDEEP

    384:ZqfvX+ThlSedosm+EvfHc80lVzcOSJXKvFgVIE9eF:weT95m+Evfu0FKNPaa

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    chukwuma22

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
