General

  • Target

    bb4eac10bd885d26d6cdbe6d0660ba7f.bin

  • Size

    25KB

  • Sample

    230503-chynysdd23

  • MD5

    8afbdd59c2d4c8be605531ce14efadae

  • SHA1

    9dcc05cd543525b5f9756dbb24e768f7671cebd3

  • SHA256

    7375444aba915bc49bc66dbb830fb37dccdd0b9fd7ac5a10f5638b8ff15ab696

  • SHA512

    472fa5e13b6244b2614746b72f90808822f81c4ddee04a30a10da0a64cb7e2d2d093252cecfd9fcc13a49beb45b1ff85d11b1c6422c359e958f45067718587b0

  • SSDEEP

    384:SGjuj9R12131IKB5xFg8qsPr6oqaFBl82iuBL+NyHAe1R9fpWDPuLziOE8RkfQSD:njujc16KoDOBO2i++Mr1R/zdVRg/D

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6249497455:AAGoVzD6c5m-LvGqgHy15Fb8Bph6gAw7SvM/

Targets

    • Target

      a32c204008b19238bf121a713fc57e95eab775cc388f5466e35c0f024750e777.vbs

    • Size

      1.2MB

    • MD5

      bb4eac10bd885d26d6cdbe6d0660ba7f

    • SHA1

      59121e22508485c493d12f8a233df27b7e7ad2bf

    • SHA256

      a32c204008b19238bf121a713fc57e95eab775cc388f5466e35c0f024750e777

    • SHA512

      11af05bff032598539baef418561142da7b6328735d5d2a4733a47df30ee69daed24ecedf573f7fa299a6f876d81faca28fe1da6c961102b29f6179db55ba396

    • SSDEEP

      768:II7XTXBje9YWXA0rsntuTKDsonyd2B2ovOm4LOw7A7PTMYTR:fJj9GPeDsFd2AoR4LFuTR

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks