Extracted

• • Target

    JK903-1377.vbs

  • Size

    379KB

  • MD5

    9b49c3bad27cf63bdcc82e7fab660acd

  • SHA1

    e268fb65e1cec7f2a074201e8c9e47be74955e1b

  • SHA256

    87152f7bc3a688db213958186d808486418c98b9ef44ec777c0c5a8aae938d11

  • SHA512

    5b89c33635fe6a26b960679efed878cc84bb6268a1c8c12fd20168bef47a0b921a42d911d048468d83411e10746bbd187cdb8fe94f84c1db89a97aba97de60b7

  • SSDEEP

    1536:j89r/aDcWJwG0mtvR/Eg5GK1FaktLO8smRKsszsUQpKsO1ZQitJ0GMNN4:KtxX

  Score

  10^/10

  agentteslacollectionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2