General
Target: SbPbhXXaAe_ori40teleevery.js
Size: 386KB
Sample: 220627-skk4mscagl
MD5: 917298a0ef1125c31dfc7762135d9978
SHA1: b6902cd75e83cae4ff2a3ce12f0314d364d5f481
SHA256: 173bf8f0a06a99b6ff4fd216a0be00b834aa4337828b91124da5d533e674fccf
SHA512: b1ad86cd50f605ecd3bd7e9d99835dd97f64f16efa97b416e08c1c61d311874807951b7e8a887d76a1de197643a68b863fab5644010756abf384941786d3b9e1
Static task: static1
Behavioral task: behavioral1 (Sample: SbPbhXXaAe_ori40teleevery.js; Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: SbPbhXXaAe_ori40teleevery.js; Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
C2: https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/sendDocument
Targets
Target: SbPbhXXaAe_ori40teleevery.js (386KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application