General

  • Target

    Doc_LOI.zipx.zip

  • Size

    3KB

  • Sample

    250123-r5cgkasqgs

  • MD5

    e0fd0dc9c26bcb3e7e9e2789339bf1d3

  • SHA1

    d7468b4baf4d3b56755b060be3eed34e608dd35d

  • SHA256

    6dff95543349b52e92d24de0cec7a689dcc3e298dbcda9f92c9386af99351b1b

  • SHA512

    46af172b18640ac17dad409dc0b7e4e08bb87477a13aec111ff3e9c1802d5cb17c694c8b78010e9941e7544d5c0f3e787e4c0f653ea038fefa3667489fda6746

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Doc_LOI.vbe

    • Size

      8KB

    • MD5

      608aa4b6781b5333f940f9d0a933313f

    • SHA1

      72282fe231e6e43d0785188e5e8509ff9bd59b8c

    • SHA256

      13d3a1cdba937a0d1dcf706e85b320da66b2cc1ec1193839319511688847abbc

    • SHA512

      3dbf0e3538070a372adb492b771e8360b02f4f3c0cf09092493d0c9bf487eefb26a8ee3a468047f3f36b284f34325e21f6c77b7352ca9e38a20b53c092f2684c

    • SSDEEP

      192:3eS9aNfePvTsC7kYna9INmRo4OCk01bB3K:tsmj7k4aaYRtOCLBa

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Agenttesla family

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks