General

  • Target

    New Order POREF9089056.xlam

  • Size

    582KB

  • Sample

    231211-1wrdssaaem

  • MD5

    49738439bcfcfc5004baa26882cac103

  • SHA1

    c0bce9d61a737f73447ac5cd5790f2912664813a

  • SHA256

    e3c5829c621c6eae33c20f6744acdec9671779ca8e9ec555052638aa2577a587

  • SHA512

    352e740314843484c314bf94cdffa987bbba57b1564a5722f4e5d1074f344a17b298c40a384f6aa40c4690650f9116acea73e9c792e0e17100b9501707db93a8

  • SSDEEP

    12288:IRFQqU2NWQVENBwXsQ5s1jp1Wy2jd23qAleDVyVMK:qpuuP5s1OPjdeqnkVB

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      New Order POREF9089056.xlam

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks