Extracted

• • Target

    9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653.rtf

  • Size

    4.1MB

  • MD5

    7b044d66c7fcbc3d3bf6f5d52e96d3b2

  • SHA1

    f671b1d17948e20794bcd209d8ea1c32b1074155

  • SHA256

    9998ef5f4ea72ae55f9f033b6aa7c21e5e3461ddd69e90a6525042ff6daab653

  • SHA512

    b4f1589734e848061bd6680553c5f5cd625533133421681a561980d94f6d64b833920ef055961bb9719e47e78cbf86e3b1c62e41b8fac4044ccb8529aed92018

  • SSDEEP

    24576:+nLjMle4Ywg76KhKdRukZV+Sc7N4angyRulXC1rfw8BVWXNY0nVJqTsocGmShjy2:y

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2