General
-
Target
New Email Added and Messages Alert.js
-
Size
508KB
-
Sample
220621-lg2hwsehh9
-
MD5
0a74331331f9118783c14a258df23047
-
SHA1
bfc2ad650dcf6271a07f6eb5ce3efe82b87b7c38
-
SHA256
b4629fb4d969ce71bc3e0f8725243ed55f592a944a9ab43044e857d896dee871
-
SHA512
516f8d65e05b581b9262945ef9b8d69bd09319c3768d65ac5b7dda3c065722eba63c5baaa48a9214b724764cf03447235c301025a8b815eb3d80d080be55adc6
Static task
static1
Behavioral task
behavioral1
Sample
New Email Added and Messages Alert.js
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
New Email Added and Messages Alert.js
Resource
win10v2004-20220414-en
Malware Config
Extracted
Protocol: ftp
Host: files.000webhost.com
Port: 21
Username: zincox
Password: computer@1010
Extracted
agenttesla
Protocol: ftp
Host: ftp://files.000webhost.com/
Port: 21
Username: zincox
Password: computer@1010
Targets
-
Target
New Email Added and Messages Alert.js
-
Size
508KB
-
MD5
0a74331331f9118783c14a258df23047
-
SHA1
bfc2ad650dcf6271a07f6eb5ce3efe82b87b7c38
-
SHA256
b4629fb4d969ce71bc3e0f8725243ed55f592a944a9ab43044e857d896dee871
-
SHA512
516f8d65e05b581b9262945ef9b8d69bd09319c3768d65ac5b7dda3c065722eba63c5baaa48a9214b724764cf03447235c301025a8b815eb3d80d080be55adc6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-