General

  • Target

    Artifacts-2023-02-09_10-04-21Z.zip

  • Size

    279KB

  • Sample

    230209-l3b55afc5z

  • MD5

    d86ad38bcaff9bd1bed31c863c65e30d

  • SHA1

    9aba380a66fe430d0bcf5972392afcaf37bf4ff7

  • SHA256

    8b2ba240fba45ee88be1fa83178da8abf77b0db0633d1097c80c453f530cbb48

  • SHA512

    6088e43cbfb884319b76ac417e86a1ac65da0acbe30e4731ab85b67f1aa137e71cbdfb2a6b8a0e0193443bc95df36633a3fb181083484adf03bb40c53299d793

  • SSDEEP

    6144:iL59L7vz6WaS0ipkMhoSOBHrUf9wJmfXXaLQ/jC1OTS34dp17aEy0YxDa6BkrBqU:u5Bvz67S0MhoSOvJGHQQkodp17aEROjU

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      UNICO - STATEMENT OF ACCOUNT JANUARY 2023.vbs

    • Size

      418KB

    • MD5

      9c04033a09694d28258d0a6a183fe798

    • SHA1

      0137ae773b97c97e9c5769607090cfc7fa123c24

    • SHA256

      c17cc4b45c7800276ec90e29e20b0df92d0781ef25bbc060cfb8a0fc093e4a33

    • SHA512

      bf6b1e10ef1e770acc0a7bf8644edeea0ea321eaff0cd64a844d9c80e4b0de6f4fbeaeb1a0e477243c8abca1f7f67e99976ce91c667dc30574712450be9b297a

    • SSDEEP

      6144:eK0IHb/7T+wBoof/zvLx8gFL6a83ezZmpXQqmp66Qo1t6aCf8zG15UtGqSk6yL:eK5fCfCTx8gv8x5NmY4tE1WVT

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Guloader,Cloudeye

      A shellcode-based downloader first seen in 2020.

    • Blocklisted process makes network request

    • Checks QEMU agent file

      Checks for the presence of the QEMU guest agent file, possibly to detect virtualization.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks