AgentTesla delivered by exploiting Microsoft Office

5/61 detections on VirusTotal as of 14.05.2024

A malicious Microsoft Excel document exploits a vulnerability in Equation Editor, leading to the execution of AgentTesla.

HASH: dc62fc5febad93b231a91fcb806df63441c6dff69b9a7c793aec78373f45e888

XLS → Equation Editor → Agent Tesla

Malicious code loaded via remote template injection

Well-known RCE vulnerability in Equation Editor exploited (CVE-2017-11882)

System discovery and data collection behavior observed

Malware configuration extracted

Dive deeper into the report

See why we think this is malicious in plain language.

See the whole path of the sample’s execution.

Map the malicious activities on the MITRE ATT&CK Framework.

Explore detailed information on the IP addresses, URLs and DNS, including function logs and PCAP Streams.

Download the IOCs and artifacts to have a clear picture of the threat.

Download the files that the malware downloads, drops or modifies.