General
- Target: Drawings-NRTT_DMK.js
- Size: 408KB
- Sample: 220815-tf782scgfr
- MD5: 1f2339218ab3834093d6aa27dea7d219
- SHA1: f28dbae21644fed142fb3925ba51a78963f8ae00
- SHA256: 274d872400d90914f4c93b2ad50482cdcd862dc241ff3ad9367f7667342b8611
- SHA512: a5d59dc30d9c097598d434a02d4b0587ad9e54307f0b70df47a80d9a8f5323b39af05bf86ef89917f5c174f5adbdbdb87d52a2c5d6266b65e83876b3a5c3aa45
Static task
- static1
Behavioral task
- behavioral1
  - Sample: Drawings-NRTT_DMK.js
  - Resource: win7-20220812-en
Behavioral task
- behavioral2
  - Sample: Drawings-NRTT_DMK.js
  - Resource: win10v2004-20220812-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: Newton@22
Targets
- Target: Drawings-NRTT_DMK.js
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application