General
Target: BdRdalcppw_o.js
Size: 386KB
Sample: 220627-j3tztsbfh2
MD5: 5b6888d645abc20b14b8f7668e0f2af3
SHA1: 6aa46e2bdc1904b8ca175e9589f4a1f6caa44d53
SHA256: 76e7187725b81d9f6d7861de278eec7ca788c8a7f35cbe29d2e23a274550e58e
SHA512: c1495c3e975375729186636055eeb7dd399b2321521513d559861f69a5779cc45ba244b7f124909f71852645bf7c072804662220e4daa2950a90877ad752cd5e
Static task: static1
Behavioral task: behavioral1
  Sample: BdRdalcppw_o.js
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: BdRdalcppw_o.js
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/sendDocument
Targets
Target: BdRdalcppw_o.js
Size: 386KB
MD5: 5b6888d645abc20b14b8f7668e0f2af3
SHA1: 6aa46e2bdc1904b8ca175e9589f4a1f6caa44d53
SHA256: 76e7187725b81d9f6d7861de278eec7ca788c8a7f35cbe29d2e23a274550e58e
SHA512: c1495c3e975375729186636055eeb7dd399b2321521513d559861f69a5779cc45ba244b7f124909f71852645bf7c072804662220e4daa2950a90877ad752cd5e
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application