General
- Target: ab035e6c1857dd339d02c5464e56aa01
- Size: 449KB
- Sample: 220627-qv8atabfbn
- MD5: ab035e6c1857dd339d02c5464e56aa01
- SHA1: c73f8041fdaab2352ffc3be55398bbf864fe60e2
- SHA256: 8747c2fcd1bff3c59167d0a6f33c9bcd3d089f01d918db134d598dbd77d953f6
- SHA512: 25deeaeaccfb78776ad66daade2ed15be0a201578d503de8e200505ed355c5f0082af961f5e34dae5a9849701ccac0714045fefd4d835a036ff765367492680d
Static task: static1
Behavioral task: behavioral1
- Sample: Machinery Specification And Models.js
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Machinery Specification And Models.js
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla (the same SMTP configuration is listed twice in the report with identical values)
- Protocol: smtp
- Host: mail.leaf.arvixe.com
- Port: 587
- Username: lalje@essalmajed.com
- Password: 000000
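The extracted configuration is an SMTP mailbox the stealer logs into to send its harvested data, so the same username and password appear on the wire, base64-encoded, in the AUTH exchange of every exfiltration session. The following is an added example (not part of the sandbox report) that decodes AUTH LOGIN and AUTH PLAIN credentials from an SMTP transcript and checks them against the report's configuration; the transcript itself is constructed, and only the host, port, username and password come from the Malware Config above.

```python
"""Added example, not part of the sandbox report: recover the SMTP credentials an
AgentTesla-style exfiltration session puts on the wire and match them against
the configuration the report extracted. The transcript is constructed; only the
host, port, username and password come from the report's Malware Config."""
import base64

# Indicators taken from the report's extracted configuration.
EXTRACTED_CONFIG = {
    "host": "mail.leaf.arvixe.com",
    "port": 587,
    "username": "lalje@essalmajed.com",
    "password": "000000",
}

# Constructed transcript (C: client, S: server). The client submits on 587 and
# authenticates with AUTH LOGIN; STARTTLS is omitted so the exchange stays visible.
SAMPLE_SESSION_LOGIN = """\
S: 220 mail.leaf.arvixe.com ESMTP
C: EHLO DESKTOP-VICTIM
S: 250-mail.leaf.arvixe.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: bGFsamVAZXNzYWxtYWplZC5jb20=
S: 334 UGFzc3dvcmQ6
C: MDAwMDAw
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<lalje@essalmajed.com>
S: 250 OK
C: RCPT TO:<lalje@essalmajed.com>
S: 250 OK
C: QUIT
"""


def auth_login_tokens(username: str, password: str) -> dict:
    """Base64 forms that AUTH LOGIN sends; handy as grep-able strings for a PCAP."""
    return {
        "username": base64.b64encode(username.encode()).decode(),
        "password": base64.b64encode(password.encode()).decode(),
    }


def build_plain_session(username: str, password: str) -> str:
    """Constructed AUTH PLAIN variant of the same login (RFC 4616: \\0user\\0pass)."""
    blob = base64.b64encode(f"\0{username}\0{password}".encode()).decode()
    return f"S: 220 {EXTRACTED_CONFIG['host']} ESMTP\nC: EHLO X\nC: AUTH PLAIN {blob}\nS: 235 OK\n"


def _b64(token: str) -> str:
    """Strict base64 decode; returns '' for anything that is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (ValueError, UnicodeDecodeError):
        return ""


def extract_smtp_auth(session: str) -> dict:
    """Pull greeting host, mechanism and decoded credentials out of a transcript."""
    out = {"host": None, "mechanism": None, "username": None, "password": None}
    client = []
    for line in session.splitlines():
        if line.startswith("S: 220 ") and out["host"] is None:
            out["host"] = line.split()[2]          # server greeting names the MX
        elif line.startswith("C: "):
            client.append(line[3:].strip())
    for i, cmd in enumerate(client):
        words = cmd.split()
        if not words or words[0].upper() != "AUTH":
            continue
        mech = words[1].upper() if len(words) > 1 else ""
        if mech == "LOGIN" and i + 2 < len(client):
            # AUTH LOGIN: username and password follow as two base64 lines
            out.update(mechanism="LOGIN", username=_b64(client[i + 1]), password=_b64(client[i + 2]))
        elif mech == "PLAIN":
            # AUTH PLAIN: one blob, inline or on the next line, "\0user\0pass"
            blob = words[2] if len(words) > 2 else client[i + 1] if i + 1 < len(client) else ""
            parts = _b64(blob).split("\0")
            if len(parts) == 3:
                out.update(mechanism="PLAIN", username=parts[1], password=parts[2])
        break
    return out


def match_config(observed: dict, config: dict) -> list:
    """Names of the config fields the observed session matches (case-insensitive)."""
    return [k for k in ("host", "username", "password")
            if observed.get(k) and observed[k].lower() == config[k].lower()]


if __name__ == "__main__":
    creds = extract_smtp_auth(SAMPLE_SESSION_LOGIN)
    print(creds, match_config(creds, EXTRACTED_CONFIG))
    print(auth_login_tokens(EXTRACTED_CONFIG["username"], EXTRACTED_CONFIG["password"]))
```

The base64 tokens returned by `auth_login_tokens` are what to search a capture for when TLS is not in play; with STARTTLS on 587 only the greeting host and the destination port remain visible, which is why the host and port from the configuration are the more durable network indicators.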
Targets
Target: Machinery Specification And Models.js
- Size: 934KB
- MD5: f0c5b13e7ce8bb82395f166cb95f1b70
- SHA1: c5e269f5d14782699aec933cdc2c76c920e09816
- SHA256: 74a834ad404d9fc6fbbd0e1afc46df019cd7d4f8d5e60353d08172765e06177f
- SHA512: 5c0810178ae840a48f8c74e487061f7215c37d50a077b4cbf9724a17750057c9e921e553170f245d904cd416c7efcca1d4a02998d6ee484365580d6524b5c2c3
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer (early versions were written in Visual Basic .NET). It harvests credentials from browsers, mail clients and other applications and exfiltrates them over SMTP, FTP or HTTP; the configuration recovered here exfiltrates over SMTP to mail.leaf.arvixe.com on port 587.
- suricata: ET MALWARE AgentTesla Exfil Via SMTP
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
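Each of the behavioural signatures above corresponds to a host event that endpoint telemetry (process creation, file writes, registry access, DNS and connections) already records, so the chain can be reproduced as detection rules. The following is an added example, not code from the sandbox or the report, that raises the report's signature names from a constructed event stream; the event format, the dropped file name, the script-host blocklist, the IP-lookup domain list and the registry key assumed behind "Checks computer location settings" are all assumptions, and only the signature names and the SMTP host and port come from the report.

```python
"""Added example, not part of the sandbox report: a minimal rule set that raises
the report's behavioural signatures from a stream of host telemetry events. The
event format, file names, the script-host blocklist, the IP-lookup domain list
and the registry keys are assumptions; only the signature names and the SMTP
host/port are taken from the report."""
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}                    # assumed blocklist
IP_LOOKUP_DOMAINS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}  # assumed lookup services
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)  # assumed key for the geofence check
OUTLOOK_PROFILES = re.compile(r"\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
USER_WRITABLE = re.compile(r"^C:\\Users\\[^\\]+\\(AppData|Downloads)\\", re.I)
EXFIL_HOST, EXFIL_PORT = "mail.leaf.arvixe.com", 587                          # from the extracted config

# Constructed telemetry for the .js sample: wscript.exe drops and runs a payload
# (the file name "svc32.exe" is hypothetical) that persists and exfiltrates.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1001, "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "registry_read", "pid": 1001, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\victim\AppData\Roaming\svc32.exe"},
    {"type": "network_connect", "pid": 1001, "dest_host": "cdn.example.net", "dest_port": 443},
    {"type": "process_create", "pid": 2002, "image": r"C:\Users\victim\AppData\Roaming\svc32.exe"},
    {"type": "file_write", "pid": 2002, "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svc32.vbs"},
    {"type": "registry_set", "pid": 2002, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "svc32"},
    {"type": "registry_read", "pid": 2002, "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "dns_query", "pid": 2002, "query": "api.ipify.org"},
    {"type": "network_connect", "pid": 2002, "dest_host": EXFIL_HOST, "dest_port": EXFIL_PORT},
]

# Constructed benign activity that must not trigger anything.
BENIGN_EVENTS = [
    {"type": "process_create", "pid": 3003, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"type": "registry_read", "pid": 3003, "key": r"HKCU\Software\Mozilla\Firefox"},
    {"type": "network_connect", "pid": 3003, "dest_host": "www.mozilla.org", "dest_port": 443},
]


def detect(events) -> set:
    """Return the set of signature names the event stream triggers."""
    hits = set()
    image_of = {}    # pid -> process image basename
    dropped = set()  # .exe paths written into user-writable locations so far
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process_create":
            image_of[pid] = ev["image"].rsplit("\\", 1)[-1].lower()
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "file_write":
            path = ev["path"]
            if USER_WRITABLE.match(path) and path.lower().endswith(".exe"):
                dropped.add(path.lower())
            if STARTUP_DIR.search(path):
                hits.add("Drops startup file")
        elif kind == "registry_set" and RUN_KEY.search(ev["key"]):
            hits.add("Adds Run key to start application")
        elif kind == "registry_read":
            if GEO_KEY.search(ev["key"]):
                hits.add("Checks computer location settings")
            if OUTLOOK_PROFILES.search(ev["key"]):
                hits.add("Accesses Microsoft Outlook profiles")
        elif kind in ("dns_query", "network_connect"):
            if image_of.get(pid) in SCRIPT_HOSTS:
                hits.add("Blocklisted process makes network request")
            host = (ev.get("query") or ev.get("dest_host") or "").lower()
            if host in IP_LOOKUP_DOMAINS:
                hits.add("Looks up external IP address via web service")
            if host == EXFIL_HOST and ev.get("dest_port") == EXFIL_PORT:
                hits.add("Connects to extracted SMTP exfil host")
    return hits


if __name__ == "__main__":
    for name in sorted(detect(SAMPLE_EVENTS)):
        print(name)
```

The rules are deliberately stateful only where the signature needs it: "Executes dropped EXE" depends on having seen the write before the execution, which is why the events are processed in order rather than matched independently.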