General
-
Target
productList-pdf.js
-
Size
398KB
-
Sample
220815-tf7yaaffb6
-
MD5
67e8782fae2a854e07eb6eb411f758c8
-
SHA1
9ed9b336a0a96c8dbc45ed230950ef35693f25ed
-
SHA256
bd19686034b4d10dd2c84c6732e637fd3bd076b74e0b19dd4d0f86ab46500c5f
-
SHA512
2e7d5b30b3732ad67e5624fcce7551a6f3113816b55afb4484996985a7f56fc34a4165639988a362a7c75f176a0bee224a54a6e9fb758d84f4e609b9ad29817c
Static task
static1
Behavioral task
behavioral1
Sample
productList-pdf.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
productList-pdf.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
server240.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
Success4sure2day10@
Extracted
agenttesla
Protocol: smtp- Host:
server240.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
Success4sure2day10@ - Email To:
[email protected]
Targets
-
-
Target
productList-pdf.js
-
Size
398KB
-
MD5
67e8782fae2a854e07eb6eb411f758c8
-
SHA1
9ed9b336a0a96c8dbc45ed230950ef35693f25ed
-
SHA256
bd19686034b4d10dd2c84c6732e637fd3bd076b74e0b19dd4d0f86ab46500c5f
-
SHA512
2e7d5b30b3732ad67e5624fcce7551a6f3113816b55afb4484996985a7f56fc34a4165639988a362a7c75f176a0bee224a54a6e9fb758d84f4e609b9ad29817c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-