General
Target: RFQ_ERSPEOEOT-BOQ.js
Size: 397KB
Sample: 220815-tf7yaacgfn
MD5: e02347ac7601d49a3fb9c5e833a74b76
SHA1: 677b725cad46390c0ad1f9d2db6c364b3ee9254b
SHA256: a27068873cabebea326714ca7d9c85b0fdbdb9266522babf3410d3584dc2ed68
SHA512: d680c37fc6705044d18e222006c7f5e2be39b341e45c2821303f2fab71d217c84c9366ec843df1b2196521e49e4aa58d724dfff53d9fd71cd0ea243fe6a5eec3
Static task
static1
Behavioral task
behavioral1
Sample: RFQ_ERSPEOEOT-BOQ.js
Resource: win7-20220812-en
Behavioral task
behavioral2
Sample: RFQ_ERSPEOEOT-BOQ.js
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5435181529:AAFcLLerCu2sj2T7WqqNwdJLOfZk0xh7NZ0/sendDocument
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application