General

  • Target

    Factura de pago1653.bat.bat.exe

  • Size

    722KB

  • Sample

    240516-tvsrxadd67

  • MD5

    eec92f9eaf00561a5b910272f3d9e1d2

  • SHA1

    dd7d1313abef47b1a03204ed117788c24541b911

  • SHA256

    2940a8fe07543e73573471f46229165e5aa84bf7b42ac60004ab22c916aaff8f

  • SHA512

    0a17e4ed10b7ea9ed073d5fdc3e9790057567e2c120d58b612b3f0d0dc17cf93181bca71fd7bba2254f92650f30e40c9030ec46aceb36fcf1403ad73178f1973

  • SSDEEP

    12288:jV0pei36ROF/ht9gSRJXnbclb7tQrNTq5w0ftSgrwlL/2:japp36m39rzclQpbgrwl7

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Factura de pago1653.bat.bat.exe

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic .NET.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the dropped payload and its host process are no longer scanned.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check that restricts execution to the targeted regions.

    • Uses the VBS compiler for execution

      Launches vbc.exe, the .NET Visual Basic compiler. It is a signed Microsoft binary that AgentTesla loaders commonly use as the host process for the injected payload.

    • Suspicious use of SetThreadContext

      Changing the thread context of another process is a typical step of process hollowing: the loader starts a legitimate process suspended, writes the payload into it, and redirects the main thread's entry point before resuming it.
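The Defender-tampering behaviour flagged under "Command and Scripting Interpreter: PowerShell" leaves a trace in PowerShell script block logging (Event ID 4104, ScriptBlockText). The following is an added detection example, not part of the sandbox report and not code from the sample: it flags Add-MpPreference/Set-MpPreference invocations, extracts the excluded paths, extensions and processes, notes switches that disable protection features, and first decodes any -EncodedCommand payload so that a base64-wrapped command is not missed. The sample log lines, the function names and the parameter list are constructed for illustration.

```python
import base64
import re

# Cmdlets that change Windows Defender's configuration.
DEFENDER_CMDLETS = re.compile(r"\b(?:Add|Set|Remove)-MpPreference\b", re.IGNORECASE)

# -ExclusionPath / -ExclusionExtension / -ExclusionProcess followed by a quoted
# or bare value; PowerShell also accepts comma-separated lists for these.
EXCLUSION = re.compile(
    r"-Exclusion(Path|Extension|Process)\s+(?:\"([^\"]*)\"|'([^']*)'|([^\s,;|]+(?:,[^\s,;|]+)*))",
    re.IGNORECASE,
)

# Switches that disable protection features outright (illustrative subset).
DISABLE = re.compile(
    r"-Disable(RealtimeMonitoring|IOAVProtection|BehaviorMonitoring|ScriptScanning)\b",
    re.IGNORECASE,
)

# -e / -ec / -enc / -EncodedCommand <base64 of a UTF-16LE script>
ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)


def expand_encoded(text):
    """Append the decoded form of any -EncodedCommand payload so that the
    Defender patterns also match commands hidden behind base64."""
    decoded = []
    for m in ENCODED.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1)).decode("utf-16le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a valid encoded command; keep only the raw text
    return " ".join([text] + decoded)


def classify_script_block(text):
    """Return a list of (kind, parameter, value) findings for one script block.
    kind is 'exclusion', 'disable' or 'config_change'; the list is empty when
    the block does not touch Defender configuration."""
    text = expand_encoded(text)
    if not DEFENDER_CMDLETS.search(text):
        return []
    findings = []
    for m in EXCLUSION.finditer(text):
        # exactly one of the three value groups is populated
        value = next(v for v in m.groups()[1:] if v is not None)
        for item in value.split(","):
            findings.append(("exclusion", m.group(1).lower(), item.strip()))
    for m in DISABLE.finditer(text):
        findings.append(("disable", m.group(1).lower(), None))
    if not findings:
        findings.append(("config_change", None, None))
    return findings


def scan_script_blocks(blocks):
    """Run the classifier over a sequence of ScriptBlockText values and return
    (index, findings) for every block that changes Defender configuration."""
    results = []
    for i, text in enumerate(blocks):
        findings = classify_script_block(text)
        if findings:
            results.append((i, findings))
    return results


# Constructed sample ScriptBlockText values (Event ID 4104). They are
# illustrative and were not taken from the sandbox run of this sample.
SAMPLE_SCRIPT_BLOCKS = [
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public" -ExclusionExtension "exe" -ExclusionProcess "vbc.exe"',
    "Set-MpPreference -DisableRealtimeMonitoring $true",
    "Get-ChildItem -Path C:\\Windows\\Temp | Remove-Item",
    "powershell.exe -ep bypass -w hidden -c Add-MpPreference -ExclusionPath $env:APPDATA,$env:TEMP",
    "powershell.exe -w hidden -enc "
    + base64.b64encode("Add-MpPreference -ExclusionExtension bat".encode("utf-16le")).decode(),
]

if __name__ == "__main__":
    for i, findings in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(i, findings)
```

On a live host the input would come from `Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104}` with script block logging enabled. The regexes are a heuristic: string concatenation, `-replace` tricks or `Invoke-Expression` over assembled fragments evade them, so corroborate with the Defender operational log, where a configuration change is recorded as Event ID 5007 regardless of how the command was written.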

MITRE ATT&CK Enterprise v15

Tasks