Extracted

• • Target

    Orden de compra.xla

  • Size

    391KB

  • MD5

    84129445f6446d089445dbe993224dcd

  • SHA1

    7e8ccd59f7484ca6e2701404ff8c77182cba2dce

  • SHA256

    3eb49f3cd7bdc676ac5b8f46c9ff956717275b7dd7ab90fbea3e3fe3fbaae576

  • SHA512

    47ebc4e589bc797896727857c91d6e6f6c3ee99b5e41cae7f4336e1fe643f6da3d436bc5edba234af31e419b82d337e03904b293b36fa3a245b1bd3cf6caadce

  • SSDEEP

    6144:YDn1m9kdbaG3mU+ZKy4ij4a3DjKcUX1edr1aqizRBfqGudZFAW6ffPPXC53EE:YDOeuiqKjij4a3DjM1ehMvmFC3Xq3EE

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Abuses OpenXML format to download file from external location

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection
  behavioral1behavioral2