General

  • Target

    SVT787548-INF8985678089-57QWGHUI7.xlam.xlsx

  • Size

    805KB

  • Sample

    240922-f11statcrl

  • MD5

    b0519ab985bf00c58bf72c8c0b57cac4

  • SHA1

    bc46f1a57dcf145f0e3e45e360adb77be8bbc6d5

  • SHA256

    3ffab2379543cd74e1e8ef2b3fcba558dfc8e2ec5346a7c7b682bda647ce4973

  • SHA512

    8fb177421623afd6e75b3cb14984c69799a8965b22c8476149cd8e6680102cdb9ed7f4a25f2a285a175f2c06f627a14e0c8fb548f90a74ddd1f3f376ee5aa531

  • SSDEEP

    24576:afjrvHEvTJkWxJ+DG3DwSq1O/TpsUJIXTdbK:ej7HEvTB/+i3MSqs/+XTpK

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser's credential store.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks