Extracted

• • Target

    Bank Details.js

  • Size

    374KB

  • MD5

    7c5e8174cdba01f663d435d1ea9d3c41

  • SHA1

    5b362009da4f9786b257651864c62f814d1825ed

  • SHA256

    e8d22feb82ab660c59ade0376cac6cfa39e089d4386c503282ec06e5e15e7659

  • SHA512

    56a291c7f08bf2c95695a48567a07feb6f8d8cca9266fc6d9d259dd2e1440bf26a987ffb3b84770402dca80e07d0899334f99daad03e724774b401cc76350835

  • SSDEEP

    6144:Nw/VyURyDDckawASdoFoYbwXiC4gJMYSDnc3erU5B7LGfMzT:iy4xA4gJNSvgmfMP

  Score

  10^/10

  agentteslavjw0rmcollectionkeyloggerspywarestealertrojanworm

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Vjw0rm

    Vjw0rm is a remote access trojan written in JavaScript.

    trojanwormvjw0rm

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2