General

  • Target

    18f41f2a39ff37e43e2a8e01b0447d613257682929e0d5383458935d8279773c.vbs

  • Size

    159KB

  • Sample

    231202-lancpabc2z

  • MD5

    dcef6132db05f9704623b495b05c1e4a

  • SHA1

    ec64670ba9e10bf41fa634be3f8b7c5bec0f719b

  • SHA256

    18f41f2a39ff37e43e2a8e01b0447d613257682929e0d5383458935d8279773c

  • SHA512

    6c4eef2875783152687021060b390269e7de5756bcdf45f26880a83a8b65e99240483be5cf72caec6210c706060b53f03ebbf49a46685b4b747fa9c1e27b5b5d

  • SSDEEP

    1536:vSBSNS2SNSJSNSImSNSzSNSmSNS8SNSySNSaSNS1SP:v0YzYsYeYmYTY5YHYPYQg

Malware Config

Extracted

  • Family

    agenttesla

  • Credentials

Targets

    • Target

      18f41f2a39ff37e43e2a8e01b0447d613257682929e0d5383458935d8279773c.vbs

    • AgentTesla

      Agent Tesla is an information-stealing remote access tool (RAT) written in .NET (Visual Basic).

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely to geofence execution.

    • Drops startup file

    • Reads user/profile data of local email clients

      Email clients store user data, including saved account credentials, on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and form-fill data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used for process injection (for example process hollowing) to redirect a thread into injected code.
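The signatures above are behavioural rules the sandbox evaluated over the sample's runtime trace. The block below is an added example, not code from the report or from the sandbox vendor: it re-implements each listed signature as a small rule over a constructed, Sysmon-style event list so that the matching logic can be read and tested. The event schema, the process names treated as "blocklisted" script hosts, the IP-lookup service hostnames, and the registry key and file paths matched are all assumptions chosen for the example, not details taken from this sample's run.

```python
"""Re-implementation of the report's behavioural signatures as rules over
constructed events. Added example; the schema and every matched path, key,
host and process name below are assumptions, not data from the sample."""
import re
from collections import namedtuple

# kind: "registry" (value read), "file" (create/read), "network" (remote host
# contacted) or "api" (monitored API call); proc: image name of the actor;
# detail: registry key, file path, hostname or API name.
Event = namedtuple("Event", "kind proc detail")

# Constructed events for the example (not telemetry from the sandbox run).
SAMPLE_EVENTS = [
    Event("registry", "wscript.exe", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("network", "wscript.exe", "api.ipify.org"),
    Event("file", "wscript.exe",
          r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.vbs"),
    Event("file", "wscript.exe",
          r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event("file", "wscript.exe",
          r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json"),
    Event("api", "wscript.exe", "SetThreadContext"),
    # Benign noise that must not trigger anything.
    Event("network", "chrome.exe", "www.example.com"),
    Event("file", "explorer.exe", r"C:\Users\u\Documents\notes.txt"),
]

# Assumed "blocklisted" processes: script hosts that normally have no reason
# to open network connections on their own.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}
# Assumed set of legitimate external-IP lookup services.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
# Assumed key holding the configured country (GeoID) of the current user.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# Browser credential/cookie stores inside a known browser profile directory.
BROWSER_STORE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|Mozilla\\Firefox)\\.*"
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)
# Email client profile locations.
MAIL_STORE = re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook|Foxmail)\\", re.I)

# Rule name -> predicate over a single event. Names mirror the report.
RULES = {
    "Blocklisted process makes network request":
        lambda e: e.kind == "network" and e.proc.lower() in SCRIPT_HOSTS,
    "Checks computer location settings":
        lambda e: e.kind == "registry" and bool(GEO_KEY.search(e.detail)),
    "Drops startup file":
        lambda e: e.kind == "file" and bool(STARTUP_DIR.search(e.detail)),
    "Reads user/profile data of web browsers":
        lambda e: e.kind == "file" and bool(BROWSER_STORE.search(e.detail)),
    "Reads user/profile data of local email clients":
        lambda e: e.kind == "file" and bool(MAIL_STORE.search(e.detail)),
    "Looks up external IP address via web service":
        lambda e: e.kind == "network" and e.detail.lower() in IP_LOOKUP_HOSTS,
    "Suspicious use of SetThreadContext":
        lambda e: e.kind == "api" and e.detail == "SetThreadContext",
}


def evaluate(events):
    """Return {signature name: [events that matched]} for every rule that fired."""
    hits = {}
    for event in events:
        for name, predicate in RULES.items():
            if predicate(event):
                hits.setdefault(name, []).append(event)
    return hits


def fired_signatures(events):
    """Sorted list of signature names that fired at least once."""
    return sorted(evaluate(events))


if __name__ == "__main__":
    for name, matched in evaluate(SAMPLE_EVENTS).items():
        print(name)
        for ev in matched:
            print(f"    {ev.kind:<8} {ev.proc:<14} {ev.detail}")
```

Note that a single event can satisfy more than one rule: the script host contacting an IP-lookup service fires both the blocklisted-process rule and the external-IP rule, which is why the sandbox lists them separately. The Thunderbird profile read is attributed to the email-client rule rather than the browser rule because the browser pattern anchors on a browser profile directory; without that anchor `logins.json` would be counted twice.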

MITRE ATT&CK Enterprise v15

Tasks