Extracted

• • Target

    22052024_0158_21052024_documentos.xlsx

  • Size

    10KB

  • MD5

    baa10c6f2c1aed5b7d0b663b6155a4c3

  • SHA1

    85ba1a4f78f9811012cddd3421229d795724d594

  • SHA256

    6fdfaa6aa0118f1bc15869c8e51c24fd5e55340fbc8d1cc9183939070ab22652

  • SHA512

    08c35a246865924ef0b792f0a29995d228c4cfb065c8d1a6866f2f939d42a96b6d7b8129222b5b8274065592b4176137c2f9b2f01c5f91e532da4b0b4aad745c

  • SSDEEP

    192:9TZS4VyvSDkM8GAtgB7ol+Au/el0nWZ1X8H3nA/o3NRfUN:9TZHe6kM8Btg5a+ArZ1T/+KN

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2