General

  • Target

    PaymentIBAN Confirmation.xlam.xlsx

  • Size

    793KB

  • Sample

    241009-pdq5jathkm

  • MD5

    2a58821e3a588505217167f1ca6e5d81

  • SHA1

    8b0084213b557645e873aea87bf64234301979ca

  • SHA256

    81d56b3c7ac76cb16c15d4efe7a4d3658d80b17675b72b9300a237b333281bfd

  • SHA512

    f7375c125b962d0d76700d794b2b1579ec4b2c44c15a5966459f1763b20ca3944b50b44e531842785509b34debc87a744cf40a6c771fa9b724d2b09c4ca5f545

  • SSDEEP

    24576:DFcDtqdP65MbRXuChLBnRL52c+dvwPTdVulpv:BcpcPZb5uc1RgdJw/av

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks