Extracted

• • Target

    comprobante.xlam.xlsx

  • Size

    677KB

  • MD5

    e80d7b0d84d9813bbc036baf7070b8e2

  • SHA1

    19d8a69fb20ecc14e6b2fc3a48d5781b9a5deece

  • SHA256

    c257a8f4249d22d5f0250b80d0822fa437183f70123d2a7175330f8a34a278cb

  • SHA512

    6c905815e8fe63fe1e926238ec456b842e423cc4817098ef374f1c98645bfbea10c90e5af29d8ee9673bd9357a81dbcfce806579c7c644524eb420713155c858

  • SSDEEP

    12288:LWcIIO6L8S0N5nukjjdIf0166RHf8xvhj+LvweiUeXPlgCwVgXNJi8zlj2fW:LWqLehjjygf8thYvkU6PB

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2