General

  • Target

    Scan005.js

  • Size

    2.2MB

  • Sample

    230507-k9cjssff6t

  • MD5

    2d062c28da9b8e55c554ad3d99e26050

  • SHA1

    e80b8cb06e3665f13ef7d428e15b1fa4bdf9bc4e

  • SHA256

    ab7979631ae5e162281582ad3333e8943f0b908ef48d84c4de69e7616fef6931

  • SHA512

    b9319bfeca863d2c0d7fdadb20220b7040fa3880335ce0c73ee1f756fe3c16ce028f4b2df0e02a0de0f7a960512b82effeffab4b686900a4631460fb5cf7c5f3

  • SSDEEP

    6144:DVAv1mgQSIkYpI83y6acJmwj/9VwM4ccOrxMJ1MdrqJvNU3Wb/D4cn7XtK2T/kDg:oo71G

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Family

wshrat

C2

http://45.90.222.125:7121

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detects Redline Stealer samples

      This rule detects the presence of Redline Stealer samples based on their unique strings.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • WSHRAT

      WSHRAT is a variant of the Houdini worm and exists in both VBS and JS variants.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks