General
Target: Documents for your perusal.js
Size: 450KB
Sample: 220617-kbabsabbbl
MD5: 8d006d2e9172f2ba4c156eb100bd31c9
SHA1: 39f1c16f43c879986747bcdc49a7a75c7a03f0df
SHA256: 1f0f209552a8710e45b93d500959e04bb4e0cef99e268e1b77419fb50c62cfbd
SHA512: b1929743781911ee7b6ed928c4dcef8fe199fe2f6850d5a22eba49fb53efad1684a601fef8f1619f9bece4a3f75703fb0e59d985e98053f485b3a2911472e44b
Static task: static1
Behavioral task: behavioral1
Sample: Documents for your perusal.js
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Documents for your perusal.js
Resource: win10v2004-20220414-en
Malware Config
Extracted
Protocol: ftp
Host: files.000webhost.com
Port: 21
Username: zincox
Password: computer@1010
Extracted
agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zincox
Password: computer@1010
Targets
-
-
Target
Documents for your perusal.js
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-