Extracted

• • Target

    RFQ20221123.doc

  • Size

    25KB

  • MD5

    3f6c7ad16cf47199a9dfbe2944554ef4

  • SHA1

    eae5ac08cc4cb0da9561dde7e64d323e83b20f7b

  • SHA256

    c2d3f8d87feaec6e82fbce209dd28929b7567ba62713522dd9b0d149b09993a7

  • SHA512

    845be468e7a9ad292757627bda34efa636da5c45f4d28264c44d18efd82e78ea71b419873b93e6bec5e6893eccc3645e2cea7c34cda5eccf55cc26e4be19f3e0

  • SSDEEP

    768:TFx0XaIsnPRIa4fwJMEgyQapsGdcf4A/QyoVZIkvvE:Tf0Xvx3EMrb3G+AA/Q3wkHE

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2