General

  • Target

    doc20241402070611.bat

  • Size

    1KB

  • Sample

    240214-jkxyrseb66

  • MD5

    1cef4895af813de334d132c8a8c4995a

  • SHA1

    540629b7bd97ee548300c9390b740f3d77449fd2

  • SHA256

    e749d258ab856425335b85c2a15a7902541e896431fd05725b1c35dff7b89d10

  • SHA512

    4c58be35b389ae6c2c036180271607de769e642a61611553998a5f9f3f0c492832c0ef1b4c624cbbff3d71e36284b857a8342ac3f6c048c67a1e2fc77a473666

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    sslout.de
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    boygirl123456

Targets

    • Target

      doc20241402070611.bat

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, typically written in Visual Basic .NET. It exfiltrates harvested data over channels such as SMTP; the SMTP account in the Malware Config section above is this sample's exfiltration endpoint.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is characteristic of process hollowing: the payload is written into a legitimate process and the thread's instruction pointer is redirected to it.
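
The extracted SMTP endpoint, the sample hash and the "looks up external IP" behaviour above can be turned directly into detection logic. The following is an added example, not code from the sandbox, from Agent Tesla, or from any product: it runs a few rules over constructed telemetry lines and correlates an external-IP lookup with a later connection to the configured exfiltration host within the same process tree. The key=value log format, the process names (cmd.exe, payload.exe), the list of IP-lookup hosts and the 300-second correlation window are all assumptions; the report names neither the lookup service nor the process that is spawned.

```python
"""Detection rules for the indicators in this report, run over constructed
sample telemetry.  Added example: not the sandbox's code, not the malware's
code, and not a real product's log format."""
import re

# Taken from the report: the extracted SMTP exfiltration endpoint and the sample hash.
EXFIL_HOST = "sslout.de"
EXFIL_PORT = 587
SAMPLE_SHA256 = "e749d258ab856425335b85c2a15a7902541e896431fd05725b1c35dff7b89d10"

# Assumption: common public IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "checkip.dyndns.org", "icanhazip.com"}

# Assumed window (seconds) within which an IP lookup followed by an SMTP
# connection to the exfil host is treated as one exfiltration sequence.
SEQUENCE_WINDOW = 300

# Constructed telemetry in an assumed "key=value" format, one event per line.
# pid 4120 runs the .bat, spawns payload.exe (4188); 980 and 2211 are bystanders.
SAMPLE_LOG = r"""
ts=1707900000 event=process_create pid=4120 ppid=3300 image=cmd.exe cmdline="cmd /c doc20241402070611.bat"
ts=1707900001 event=file_hash pid=4120 path=C:\Users\victim\Downloads\doc20241402070611.bat sha256=e749d258ab856425335b85c2a15a7902541e896431fd05725b1c35dff7b89d10
ts=1707900004 event=process_create pid=4188 ppid=4120 image=payload.exe cmdline="payload.exe"
ts=1707900006 event=http pid=4188 host=api.ipify.org method=GET uri=/
ts=1707900014 event=net_connect pid=4188 dst=sslout.de dport=587 proto=tcp
ts=1707900020 event=net_connect pid=980 dst=mail.example.com dport=587 proto=tcp
ts=1707900030 event=http pid=2211 host=icanhazip.com method=GET uri=/
"""

LOG_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Split one key=value line into a dict; quoted values keep their spaces."""
    fields = {k: v.strip('"') for k, v in LOG_RE.findall(line)}
    fields["ts"] = int(fields["ts"])
    return fields


def detect(log_text, window=SEQUENCE_WINDOW):
    """Return a list of (rule, pid, ts) alerts for the events in log_text."""
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]
    parent = {}        # pid -> ppid, learned from process_create events
    last_lookup = {}   # root pid -> ts of the most recent IP lookup in that tree
    alerts = []

    def root(pid):
        # Climb to the topmost process whose creation we actually logged, so a
        # payload spawned by the script is correlated with the script's process.
        while parent.get(pid) in parent:
            pid = parent[pid]
        return pid

    for ev in events:
        pid, kind, ts = int(ev["pid"]), ev["event"], ev["ts"]
        if kind == "process_create":
            parent[pid] = int(ev["ppid"])
        elif kind == "file_hash" and ev.get("sha256") == SAMPLE_SHA256:
            alerts.append(("known_sample_hash", pid, ts))
        elif kind == "http" and ev.get("host") in IP_LOOKUP_HOSTS:
            # Matches the "Looks up external IP address via web service" signature.
            alerts.append(("external_ip_lookup", pid, ts))
            last_lookup[root(pid)] = ts
        elif (kind == "net_connect" and ev.get("dst") == EXFIL_HOST
              and int(ev.get("dport", 0)) == EXFIL_PORT):
            # Matches the extracted SMTP exfiltration config.
            alerts.append(("smtp_exfil_endpoint", pid, ts))
            r = root(pid)
            if r in last_lookup and ts - last_lookup[r] <= window:
                alerts.append(("stealer_exfil_sequence", pid, ts))
    return alerts


if __name__ == "__main__":
    for rule, pid, ts in detect(SAMPLE_LOG):
        print(f"{ts} pid={pid} {rule}")
```

Run stand-alone it prints five alerts: the hash match on the .bat, the IP lookup and the SMTP connection from the spawned process (plus the correlated sequence alert), and a lone IP lookup from pid 2211 that never escalates. The legitimate mail client on port 587 produces nothing because the destination is not the extracted host; in practice the exfil host and credentials will change between builds, so the sequence rule (lookup then outbound SMTP from a non-mail process) is the durable part.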

MITRE ATT&CK Enterprise v15

Tasks