General
- Target: Documents for your perusal.js
- Size: 1.0MB
- Sample: 220628-l3dc7agfcr
- MD5: 377613bfa2aa0b0143caeadf2fcad9fb
- SHA1: c6ca17a49b21e31c43e7b0ab99e8fc40abe6f6dd
- SHA256: 8e489340e5a0c5c56cfda0312f390e8479693264ce0efd9a8f82ac2acc5435b8
- SHA512: cd5483d6c8c6690872664294cfb6da2a49655a9a2cbcef4d5ba52e6ac0669f8cbb0dfea0c64d79603cd1488b4ecb17d95e57a7e63bde27747f397b53450a1dff
Static task: static1
Behavioral task: behavioral1
- Sample: Documents for your perusal.js
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: Documents for your perusal.js
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Protocol: ftp
- Host: files.000webhost.com
- Port: 21
- Username: zincox
- Password: computer@1010
Extracted (agenttesla)
- Protocol: ftp
- Host: ftp://files.000webhost.com/
- Port: 21
- Username: zincox
- Password: computer@1010
Targets
- Target: Documents for your perusal.js
- Size: 1.0MB
- MD5: 377613bfa2aa0b0143caeadf2fcad9fb
- SHA1: c6ca17a49b21e31c43e7b0ab99e8fc40abe6f6dd
- SHA256: 8e489340e5a0c5c56cfda0312f390e8479693264ce0efd9a8f82ac2acc5435b8
- SHA512: cd5483d6c8c6690872664294cfb6da2a49655a9a2cbcef4d5ba52e6ac0669f8cbb0dfea0c64d79603cd1488b4ecb17d95e57a7e63bde27747f397b53450a1dff
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext