General

  • Target

    Draft Ref0090093.vbe

  • Size

    1.4MB

  • Sample

    250422-tkvhravks4

  • MD5

    d8e563557d3063cac25a70feff03f256

  • SHA1

    92e306c7bffe8dff3d95f9e230ce76bdf067192f

  • SHA256

    a2f984bca4409bab211541ae884c5fa7513276b6009eee2933847a93e41a84e5

  • SHA512

    db4945cbc095558ccaa2451ec68098d97c9c991b3a325fc00d10674dc6de9c457af0874ddae54d71723662b05fb48561531688dc734e879d69d56aa9a867f874

  • SSDEEP

    24576:vjGNja9obcP8DJVN0UeOfM3VrTo6lDDJroXHFWbQXD0LJt58Sn3LHPcC:iZlwD

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      Draft Ref0090093.vbe

    • Size

      1.4MB

    • MD5

      d8e563557d3063cac25a70feff03f256

    • SHA1

      92e306c7bffe8dff3d95f9e230ce76bdf067192f

    • SHA256

      a2f984bca4409bab211541ae884c5fa7513276b6009eee2933847a93e41a84e5

    • SHA512

      db4945cbc095558ccaa2451ec68098d97c9c991b3a325fc00d10674dc6de9c457af0874ddae54d71723662b05fb48561531688dc734e879d69d56aa9a867f874

    • SSDEEP

      24576:vjGNja9obcP8DJVN0UeOfM3VrTo6lDDJroXHFWbQXD0LJt58Sn3LHPcC:iZlwD

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (commonly built with Visual Basic .NET or C#) that harvests saved credentials from browsers, mail and FTP clients and sends them to the operator. The target here is a .vbe file, an encoded VBScript, so the signatures below describe the loader chain that stages the payload rather than the final AgentTesla binary itself.

    • Agenttesla family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its window hidden (the -WindowStyle Hidden switch or an abbreviation of it), so the script stage executes without a visible console.

    • Checks computer location settings

      Reads the country/region code configured in the registry, most likely to geofence: the loader can refuse to run on machines in particular locales.

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address. The request itself is benign, which is why it evades content filtering; the destination is still a useful hunt lead when the client is an unexpected process such as a script host or PowerShell.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the hallmark of process hollowing: a host process is created suspended, its memory is replaced with injected code, and the thread's entry point is redirected to that code before the thread is resumed.
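The three host-observable behaviours above (a script host launching hidden-window PowerShell, and the resulting process contacting a public IP-lookup service) can be checked from ordinary process-creation and DNS telemetry. The following is an added example, not the sandbox's detection logic or anything extracted from the sample: the hidden-window regex, the list of IP-lookup hosts and the sample events (built around the filename from this report) are assumptions constructed for illustration.

```python
"""Re-derive two of the report's signatures from process and DNS telemetry.

Added example (not the sandbox's rules). Heuristics and sample events are
constructed assumptions for illustration only.
"""
import re
from dataclasses import dataclass

# Windows script hosts that would execute a .vbe (encoded VBScript) file.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# powershell.exe accepts any unambiguous prefix of -WindowStyle (-w, -win, ...)
# but the value must be the full word "hidden". Assumed pattern.
HIDDEN_WINDOW = re.compile(r"(?:^|\s)[-/]w[a-z]*\s+hidden\b", re.IGNORECASE)

# Public IP-lookup services commonly abused by stealers. Assumed list: the report
# above does not name the service this particular sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    parent_pid: int
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class DnsEvent:
    pid: int
    query: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hidden_powershell_from_script_host(ev: ProcessEvent) -> bool:
    """True when wscript/cscript spawns PowerShell with a hidden window."""
    return (basename(ev.parent_image) in SCRIPT_HOSTS
            and basename(ev.image) in POWERSHELL
            and HIDDEN_WINDOW.search(ev.command_line) is not None)


def ancestry(pid: int, proc_events) -> list:
    """Image names from the oldest known ancestor down to pid."""
    by_pid = {ev.pid: ev for ev in proc_events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(basename(by_pid[pid].image))
        pid = by_pid[pid].parent_pid
    return list(reversed(chain))


def triage(proc_events, dns_events) -> list:
    """Return (signature, pid, detail) tuples named like the report's signatures."""
    findings = []
    for ev in proc_events:
        if hidden_powershell_from_script_host(ev):
            findings.append(("Command and Scripting Interpreter: PowerShell", ev.pid,
                             " -> ".join(ancestry(ev.pid, proc_events)) + " (hidden window)"))
    for ev in dns_events:
        if ev.query.lower() in IP_LOOKUP_HOSTS:
            findings.append(("Looks up external IP address via web service", ev.pid, ev.query))
    return findings


# Constructed sample telemetry: a user double-clicks the .vbe, wscript launches
# hidden PowerShell, which then asks a public service for the external IP.
# PID 1500 is a control: hidden-window PowerShell from explorer.exe, not a script host.
SAMPLE_PROC = [
    ProcessEvent(1200, 900, r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
                 r'"C:\Windows\System32\wscript.exe" "C:\Users\victim\Downloads\Draft Ref0090093.vbe"'),
    ProcessEvent(1340, 1200, r"C:\Windows\System32\wscript.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r'powershell.exe -NoP -W Hidden -Ep Bypass -Command "& $env:TEMP\stage.ps1"'),
    ProcessEvent(1500, 900, r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -WindowStyle Hidden -File C:\Scripts\backup.ps1"),
]
SAMPLE_DNS = [DnsEvent(1340, "api.ipify.org"), DnsEvent(1500, "login.microsoftonline.com")]

if __name__ == "__main__":
    for sig, pid, detail in triage(SAMPLE_PROC, SAMPLE_DNS):
        print(f"{sig:50s} pid={pid} {detail}")
```

The parent-process condition is what keeps the control event (PID 1500) quiet: hidden-window PowerShell alone is common in legitimate scheduled tasks, while a script host spawning it is far rarer. Correlating both findings on the same PID, as the constructed run shows for 1340, is a stronger signal than either alone.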

MITRE ATT&CK Enterprise v16

Tasks