General

  • Target

    AprilOrder.doc.bin

  • Size

    39KB

  • Sample

    230505-xpl9qahh2t

  • MD5

    15ab40c00a4c0722e193e044ffd6a9a2

  • SHA1

    2a138f2786611a3640ddd5dd704a3f53b858ba9e

  • SHA256

    4610cb0b82c1f82ce2dcd39bef0102534b0e459726262c9e0198bc29b888b29a

  • SHA512

    2514a262d8075d82efa193720c0bb95dbc752a36c70a3d74ae9bced2c4ec041ce3c5fa0a1bdf1a3606e652f9e844849ca91001ee708181ee7f978b4670ac1376

  • SSDEEP

    768:TZwAbZSDfFMnFVIKpcMYRbEJF80vyzsSG0dodrw8Ancw:dwAl0uFVXCMdc0vaEthAncw

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      AprilOrder.doc.bin

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks