Extracted

Extracted

• • Target

    b3f2c0468d40628a6fa17d8dfaca76b89525063c9f1c3b337f9929311e4d7cfe.vbs

  • Size

    196KB

  • MD5

    154c5d86522ffd7a1cd03d23b3b19ee5

  • SHA1

    41743b862c01c4c8eef124a85560657f58a0a575

  • SHA256

    b3f2c0468d40628a6fa17d8dfaca76b89525063c9f1c3b337f9929311e4d7cfe

  • SHA512

    0179e5323e21f3f34dbbe5ed2930ca25fa8158db15824adae867e9cf74df1a642516aa86910676c06a3f39fe9a7f7296f8f5fa70e7a23b4227535bd0b525a760

  • SSDEEP

    3072:k+az7K1R0Qnfs+7d7mz6WK5jiAQeQ/fCdkoLTIXlcoutMAp5Fvk2:SCXkKIeWK5jFw3CGc9tXp5Fvk2

  Score

  10^/10

  agentteslakeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2