Extracted

Extracted

• • Target

    333343MPDW-constraints.vbs

  • Size

    96KB

  • MD5

    68f1806fe9b9ef502b39df87c915c1a3

  • SHA1

    be6a50cfb696458781876d0a0c5a2b7bbd122003

  • SHA256

    1bdfe6f21b7a29417448cf67abaa31b40e05c36565fba5d6ae87d69a0b34919a

  • SHA512

    e8cac45dc1f8f21775e8a164289c49e8b44d858a2b1e5c4bff8dab7a487ec2b3582baa3af0316dc337f2b28254a4b1b032ba9a9ef7cae14cc7330896e2e2faf0

  • SSDEEP

    1536:VT1yJpqU2CAFLOkZfnW/tiBOTc2EkeJ7gZOg/B4659GLj+vASLQLrjnXflpxc:VT1TCAkkZfiYSbzRZ4659GfG8LrLfjq

  Score

  10^/10

  executionagenttesladiscoverykeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2