General
Target: iWBFskGDau_ori40teleevery.js
Size: 413KB
Sample: 220628-l2tc1sadh2
MD5: 4fc2afe00fa6f77bf8c63bf48d04c49c
SHA1: 4fe56745ef29fb87e75e05c878da2495a90b878c
SHA256: 34ac6880e8974d521aea21df792f98ea07e4ea0f5d868847e8129e0f6b81b39b
SHA512: 1de1febdfa9c7e79f5111a494e65c6b50d9db80088201ae83a9d85314a1e0dfbf62a4bfbdd01ec9ff737bd2fadcb35da85a18302f9cd986e758dc05f27ac26e5
Static task: static1
Behavioral task: behavioral1 (sample iWBFskGDau_ori40teleevery.js, resource win7-20220414-en)
Behavioral task: behavioral2 (sample iWBFskGDau_ori40teleevery.js, resource win10v2004-20220414-en)
Malware Config
Extracted family: agenttesla
Exfiltration URL: https://api.telegram.org/bot5171883538:AAEyFWuNh68SJNNpkDCQbviRgrklZA3K4Qs/sendDocument
The bot<id>:<secret> path element is the Telegram bot token (the credential the sample uses to push stolen data to the operator's chat); sendDocument is the Bot API upload method.
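The extracted C2 above is a Telegram Bot API endpoint, and the useful indicator is the bot id in the path rather than the full secret (which the operator can rotate). The following is an added example, not part of the sandbox report or of Agent Tesla itself: it parses bot URLs of this shape out of proxy log lines, separates exfil methods (sendDocument and friends) from other Bot API calls, produces a defanged report form with the secret redacted, and emits a Suricata rule keyed on the host and bot id. The log lines and the token in them are constructed with the right shape; the rule sid is a placeholder.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Telegram Bot API URLs have the shape
#   https://api.telegram.org/bot<bot_id>:<secret>/<method>
# The whole "<bot_id>:<secret>" path element is the bot token, i.e. the
# credential the malware uses to push stolen data into the operator's chat.
TELEGRAM_BOT_URL = re.compile(
    r"https?://api\.telegram\.org/bot"
    r"(?P<bot_id>\d{6,12}):(?P<secret>[A-Za-z0-9_-]{30,40})"
    r"/(?P<method>[A-Za-z]+)"
)

# Bot API methods that carry data out of the host. Other methods (getMe,
# getUpdates, ...) are still odd on a workstation but are not an exfil event.
EXFIL_METHODS = frozenset({"sendDocument", "sendMessage", "sendPhoto"})


@dataclass(frozen=True)
class TelegramC2:
    bot_id: str
    secret: str
    method: str

    def is_exfil(self) -> bool:
        return self.method in EXFIL_METHODS

    def token_fingerprint(self) -> str:
        """Stable identifier for the token that can be shared without disclosing it."""
        token = f"{self.bot_id}:{self.secret}".encode()
        return hashlib.sha256(token).hexdigest()[:16]

    def defanged(self) -> str:
        """Report-safe form: scheme and host defanged, secret redacted."""
        return f"hxxps://api.telegram[.]org/bot{self.bot_id}:<redacted>/{self.method}"


def parse_telegram_c2(text: str) -> Optional[TelegramC2]:
    """Return the first Telegram bot URL found in text, or None."""
    m = TELEGRAM_BOT_URL.search(text)
    if m is None:
        return None
    return TelegramC2(m.group("bot_id"), m.group("secret"), m.group("method"))


def scan_log_lines(lines) -> List[Tuple[int, TelegramC2]]:
    """Scan proxy/HTTP log lines; return (1-based line number, parsed C2) per hit."""
    hits = []
    for n, line in enumerate(lines, start=1):
        c2 = parse_telegram_c2(line)
        if c2 is not None:
            hits.append((n, c2))
    return hits


def suricata_rule(c2: TelegramC2, sid: int = 1000001) -> str:
    """Suricata rule matching on host + bot id only, so it survives secret rotation
    and can be shared without the secret. sid is a placeholder (assumption)."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        f'msg:"AgentTesla Telegram bot exfil (bot {c2.bot_id}, token {c2.token_fingerprint()})"; '
        "flow:established,to_server; "
        'http.host; content:"api.telegram.org"; '
        f'http.uri; content:"/bot{c2.bot_id}:"; startswith; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed proxy log lines (not from the sandbox run). The token is a fake
# of the right shape: numeric bot id, colon, 35-character secret.
SAMPLE_PROXY_LOG = """\
2022-06-28T10:02:11Z 10.0.0.21 GET https://www.microsoft.com/ 200
2022-06-28T10:02:15Z 10.0.0.21 POST https://api.telegram.org/bot1234567890:AAExampleExampleExampleExampleExamp/sendDocument 200
2022-06-28T10:02:16Z 10.0.0.21 GET https://api.telegram.org/bot1234567890:AAExampleExampleExampleExampleExamp/getMe 200
"""

if __name__ == "__main__":
    for n, c2 in scan_log_lines(SAMPLE_PROXY_LOG.splitlines()):
        print(n, "EXFIL" if c2.is_exfil() else "telegram-api", c2.defanged())
    print(suricata_rule(scan_log_lines(SAMPLE_PROXY_LOG.splitlines())[0][1]))
```

Matching on the bot id instead of the secret is deliberate: the operator can regenerate the secret through BotFather at any time, but the numeric bot id stays with the bot. Do not probe the token from corporate egress (for example by calling getMe); the operator sees those requests.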
Targets
Target: iWBFskGDau_ori40teleevery.js
- AgentTesla: Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application