Extracted

• • Target

    PRICE REQUEST FOR ITEMS .doc

  • Size

    25KB

  • MD5

    03155cbe14d0f635c944d11de1f13516

  • SHA1

    39034545bcea63c84b20a107df1c0bae88112a1b

  • SHA256

    bf009ac1b3f046c23a2b4bbe3ad91ea7d6a6431007c0cf4bb4de095bf10d1511

  • SHA512

    50e41a2f80f5a567c1eb51e7deb132c19344f7456948fbd15c1a921086172f57e496c2cf0a8591bfce1d2679ad464be410d72dc3f171e1e6da7b15992d21b03d

  • SSDEEP

    768:WFx0XaIsnPRIa4fwJMPtznb3pintKkCRfN6UO4F0r:Wf0Xvx3EMP5DApCR8Ue

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2