AgentTesla delivered by exploiting Microsoft Office

5/61 detections on VirusTotal as of 14.05.2024

A malicious Microsoft Excel document exploits a vulnerability in Equation Editor (CVE-2017-11882) to execute the AgentTesla infostealer.


SHA-256: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888

XLS → Equation Editor → Agent Tesla

 

Malicious code is loaded via remote template injection, i.e. fetched from an attacker-controlled host when the document is opened rather than carried inside the Excel file itself.

 

Well-known RCE vulnerability in Equation Editor (EQNEDT32.EXE) exploited (CVE-2017-11882): a stack buffer overflow patched in November 2017. Microsoft removed Equation Editor from Office entirely in January 2018, so the exploit only succeeds on installations that have missed those updates.

 

System discovery and data collection behavior observed

Malware configuration extracted
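The two delivery indicators above (an external relationship that pulls content at open time, and an Equation Editor object in the fetched stage) can both be checked statically. The script below is an added example written for this page, not VMRay's analysis code, and it does not reproduce the real sample's infrastructure: the package it builds and the RTF snippet it scans are constructed stand-ins with a hypothetical template URL. It walks every `.rels` part of an Office Open XML package for `TargetMode="External"` relationships pointing off the host (remote template injection in Word packages, external `oleObject` links in Excel packages), and scans every part, or a raw RTF/OLE file, for the `Equation.3` ProgID and its CLSID.

```python
"""Static checks for remote template injection and Equation Editor
(CVE-2017-11882) delivery in Office documents. Added example; not VMRay code."""
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Relationship type a .docx uses to fetch a template at open time.
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
REMOTE_SCHEMES = {"http", "https", "ftp", "file"}

# Equation Editor identifiers: the Equation.3 ProgID (e.g. RTF \objclass Equation.3)
# and its CLSID as it appears in embedded OLE streams.
EQUATION_MARKERS = (b"Equation.3",
                    b"0002CE02-0000-0000-C000-000000000046",
                    b"0002ce02-0000-0000-c000-000000000046")


def _members(data: bytes):
    """Yield (name, bytes) for each part of an OOXML zip, or the raw file itself."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                yield name, zf.read(name)
    else:
        yield "<raw>", data


def find_external_relationships(data: bytes):
    """Return relationships whose target is fetched from outside the package."""
    hits = []
    for name, blob in _members(data):
        if not name.endswith(".rels"):
            continue
        try:
            root = ET.fromstring(blob)
        except ET.ParseError:
            continue
        for rel in root.iter(f"{{{REL_NS}}}Relationship"):
            if rel.get("TargetMode") != "External":
                continue
            target = rel.get("Target", "")
            scheme = urlparse(target).scheme.lower()
            if scheme in REMOTE_SCHEMES or target.startswith("\\\\"):  # URL or UNC path
                hits.append({"part": name,
                             "type": rel.get("Type", "").rsplit("/", 1)[-1],
                             "target": target})
    return hits


def find_equation_editor_indicators(data: bytes):
    """Return part names that reference Equation Editor (the CVE-2017-11882 target)."""
    return [name for name, blob in _members(data)
            if any(marker in blob for marker in EQUATION_MARKERS)]


def scan(data: bytes) -> dict:
    """Combine both checks into one verdict for a file's bytes."""
    ext = find_external_relationships(data)
    eqn = find_equation_editor_indicators(data)
    return {"external_targets": ext,
            "equation_editor_parts": eqn,
            "suspicious": bool(ext or eqn)}


def build_sample_package() -> bytes:
    """Constructed stand-in for the maldoc (hypothetical host, not the real sample):
    a minimal package whose settings.xml.rels points at a remote template."""
    rels = f'''<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="{REL_NS}">
  <Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}"
    Target="http://203.0.113.10/template.dotm" TargetMode="External"/>
</Relationships>'''
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/settings.xml", "<w:settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed stand-in for the fetched second stage: an RTF embedding an Equation.3 object.
SAMPLE_RTF = rb"{\rtf1{\object\objemb{\*\objclass Equation.3}{\*\objdata 0105000002000000}}}"

if __name__ == "__main__":
    print(scan(build_sample_package()))
    print(scan(SAMPLE_RTF))
```

Run `scan()` over the Excel file to catch the external relationship, and over whatever the referenced host returns to catch the Equation Editor object; the first stage holds only the pointer, so scanning it alone will not show `Equation.3`. The runtime counterpart of these static checks is process telemetry: EQNEDT32.EXE started as a child of EXCEL.EXE or WINWORD.EXE is the standard detection for this exploit chain.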

 
