General

  • Target

    Proforma Invoice-H230014-RIC-VM 1.xls

  • Size

    1.1MB

  • Sample

    230706-g1gwdahb62

  • MD5

    66570101d7cfebc561c339e86fab904d

  • SHA1

    7f9d146356522783273fdfa954a14b022a2c1c62

  • SHA256

    2c8f27475f53878362379d08fb44cbd5266404838841f855c0a8702fc3cdb854

  • SHA512

    1fb8623e0c7c1928ead0af279c105590abd46f7551abef17bf240e4c5d934dc40a83f05b845f188fce4d59d2b3816e0e2d4e989bafcc9ceccedc99ad8d01e246

  • SSDEEP

    24576:eBlzWw6sIzvo0xfsjcUos+xKYw6sXzao0xfsjcUos+xKO632YjHqJPh6wYlO:4N6sI3xfsjdos+xKT6sX6xfsjdos+xK6

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Proforma Invoice-H230014-RIC-VM 1.xls

    • Size

      1.1MB

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks