General
Target: Documents for your perusal.zip
Size: 182KB
Sample: 220621-s1ddqsfabj
MD5: e4af042d5d649a863eab6827739e9001
SHA1: b2f6785025fbe96bb4a2c798ad2fabf8a56c8275
SHA256: 4f263e67f4103762b8eafe7935691d44c6f390c201b41604105da07aeed33cc6
SHA512: 07c607f6075b54645cb48748383f763da8672d49b66ea50f479c8e1c15249d1236bdf2ad06c0a990ad402c81680bf7f94b9b707ee32cc3883c871d12ccee9b3d
Static task: static1
Behavioral task: behavioral1
  Sample: Documents for your perusal.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Documents for your perusal.js
  Resource: win10v2004-20220414-en
Malware Config
Extracted
  Protocol: ftp
  Host: files.000webhost.com
  Port: 21
  Username: zincox
  Password: computer@1010
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://files.000webhost.com/
  Port: 21
  Username: zincox
  Password: computer@1010
Targets
Target: Documents for your perusal.js
Size: 450KB
MD5: 8d006d2e9172f2ba4c156eb100bd31c9
SHA1: 39f1c16f43c879986747bcdc49a7a75c7a03f0df
SHA256: 1f0f209552a8710e45b93d500959e04bb4e0cef99e268e1b77419fb50c62cfbd
SHA512: b1929743781911ee7b6ed928c4dcef8fe199fe2f6850d5a22eba49fb53efad1684a601fef8f1619f9bece4a3f75703fb0e59d985e98053f485b3a2911472e44b
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application