Extracted

• • Target

    INV01542 , INV01562-7500003124 JTR-0084.bat

  • Size

    820KB

  • MD5

    0b87c44a55bc24c1a96e1797c939bb10

  • SHA1

    af91b2b662f7a1827fba6bf5158178dd8cebcbd7

  • SHA256

    bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36

  • SHA512

    e5938abe43807c803726c20a21c4c970e03f3caca72b370288b428aaa8a553b3f219039386819eb9df662ed4b02a8a11a12ef2e3e6d5cba1a5e413d14fc8948f

  • SSDEEP

    12288:EoMKhM39TXsTAiM6kVRl+64Oh0dRnlRq1SXx0JmHT2p45kM61iBoVm:tMacicY5dReoXx00HqskM6cBt

  Score

  10^/10

  agenttesladiscoveryexecutionkeyloggerspywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Agenttesla family

    agenttesla

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2