Extracted

Extracted

• • Target

    d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86.xls

  • Size

    1.0MB

  • MD5

    a864acb83b3a238490b5019c40695ee6

  • SHA1

    813dcac587b12d1b197772493ad1ba521bdf7992

  • SHA256

    d79dbb236bd0f95b5fc44b696c7dc098b42519931778080040a73b9eaf57ee86

  • SHA512

    340d6bdad0494baa89a08d1c6923d112928734f1f3fea8eb74ea3088a5a4fe17f4395f463ea5c395e6523900dddeeaff13a1afc96ad0c7fd219b148b3dea63d3

  • SSDEEP

    24576:oLK3SSMMednEwakAmmjmRakAmmjmF+MXUK3eT2222222222222222222222i2LN:oLKBM7aaoeaaoW+MXih

  Score

  10^/10

  agentteslapurecryptercollectiondownloaderkeyloggerloaderspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2