General
Target: new orders.js
Size: 388KB
Sample: 220816-hzdb8sdhbl
MD5: fbbfbf5e808c73443ce1045c58993b58
SHA1: 32493b8d3858783d5098db1040f49d796e6475f0
SHA256: 41a2892987c1d6a2d2815fe7a06897b873003d65e32ead538e5de8b2b09a904a
SHA512: 30851c706dc2b5be2466085d4cef6994a4faaf1fa677d1012c727af6730cec88409131340d8c6fee93fd67fac004c565e51793dad451107ce4dfec3ba22b2c25

Static task: static1

Behavioral task: behavioral1
Sample: new orders.js
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: new orders.js
Resource: win10v2004-20220812-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.losbrothersconstruction.com
Port: 587
Username: [email protected]
Password: 508135Pry
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.losbrothersconstruction.com
Port: 587
Username: [email protected]
Password: 508135Pry
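The two extracted configs above are printed as run-together "Key: value - Key: value" text. The following Python is an added example written for this page (it is not the sandbox's code and not part of the sample); it flattens that dump into a structured record and derives the host/port indicator from it. The RAW_CONFIG_* strings are copied from the report as printed; the page redacts the username and recipient as "[email protected]", and the parser keeps that placeholder and flags it rather than guessing the real address. The class and function names are the editor's own.

```python
"""Added example (not from the sandbox report or the Agent Tesla sample):
normalise the flattened AgentTesla SMTP configuration printed on the report
page into a structured record for blocklisting or hunting."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Copied from the report page; e-mail addresses are redacted there.
RAW_CONFIG_1 = """Protocol: smtp- Host:
mail.losbrothersconstruction.com - Port:
587 - Username:
[email protected] - Password:
508135Pry - Email To:
[email protected]"""

RAW_CONFIG_2 = """Protocol: smtp- Host:
mail.losbrothersconstruction.com - Port:
587 - Username:
[email protected] - Password:
508135Pry"""

REDACTED = "[email protected]"  # how the report page prints e-mail addresses

# "Key: value" pairs separated by " - ".  The first separator on the page is
# glued to its value ("smtp- Host:"), so whitespace before "-" is optional.
FIELD_RE = re.compile(
    r"([A-Za-z][A-Za-z ]*?):\s*(.+?)(?=\s*-\s+[A-Za-z][A-Za-z ]*?:|$)"
)


@dataclass(frozen=True)
class SmtpExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str
    email_to: Optional[str] = None

    @property
    def redacted_fields(self) -> List[str]:
        """Fields that carry the report's redaction placeholder, not real data."""
        return [n for n in ("username", "email_to") if getattr(self, n) == REDACTED]


def parse_fields(raw: str) -> Dict[str, str]:
    """Join the wrapped lines, then split the dump into a key/value dict."""
    text = " ".join(line.strip() for line in raw.splitlines() if line.strip())
    return {
        key.strip().lower().replace(" ", "_"): value.strip()
        for key, value in FIELD_RE.findall(text)
    }


def parse_config(raw: str) -> SmtpExfilConfig:
    """Build a typed record; the second config on the page has no Email To."""
    f = parse_fields(raw)
    if f.get("protocol", "").lower() != "smtp":
        raise ValueError("not an SMTP exfiltration config: %r" % f.get("protocol"))
    return SmtpExfilConfig(
        protocol="smtp",
        host=f["host"].lower(),
        port=int(f["port"]),
        username=f["username"],
        password=f["password"],
        email_to=f.get("email_to"),
    )


def network_iocs(configs: List[SmtpExfilConfig]) -> List[Dict[str, object]]:
    """Deduplicated (host, port) indicators; notes whether creds are complete."""
    seen = set()
    out: List[Dict[str, object]] = []
    for cfg in configs:
        key = (cfg.host, cfg.port)
        if key in seen:
            continue
        seen.add(key)
        out.append({
            "host": cfg.host,
            "port": cfg.port,
            "protocol": cfg.protocol,
            "credentials_complete": not cfg.redacted_fields,
        })
    return out


if __name__ == "__main__":
    configs = [parse_config(RAW_CONFIG_1), parse_config(RAW_CONFIG_2)]
    for ioc in network_iocs(configs):
        print(ioc)
```

Both configs collapse to a single indicator (mail.losbrothersconstruction.com on TCP 587). Because the page redacts the mailbox names, the record carries `credentials_complete: False`; treat the host and port as the actionable IOC and do not propagate the "[email protected]" placeholder into a blocklist.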
Targets

Target: new orders.js
Size: 388KB
MD5: fbbfbf5e808c73443ce1045c58993b58
SHA1: 32493b8d3858783d5098db1040f49d796e6475f0
SHA256: 41a2892987c1d6a2d2815fe7a06897b873003d65e32ead538e5de8b2b09a904a
SHA512: 30851c706dc2b5be2466085d4cef6994a4faaf1fa677d1012c727af6730cec88409131340d8c6fee93fd67fac004c565e51793dad451107ce4dfec3ba22b2c25
Signatures

- AgentTesla
  Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the config extracted from this sample exfiltrates over SMTP.
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
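The signature names above are the sandbox's verdicts; the report does not print the underlying events. The following Python is an added example (the editor's own, not the sandbox's rule set or the sample's code) that shows how such verdicts are derived from a process trace: each rule keys on a file, registry or network event, and "Executes dropped EXE" requires correlating a file write with a later process start. The event trace, file paths and registry paths are constructed for illustration, and the list of processes treated as blocklisted for network access is an assumption.

```python
"""Added example, not part of the sandbox report: re-derive the behavioural
signatures listed on the page from a constructed process event trace."""
import re
from typing import Dict, Iterable, List, Set

# Constructed trace (hypothetical paths/PIDs, in rough chronological order).
EVENTS: List[Dict[str, str]] = [
    {"op": "ProcessCreate", "pid": "1", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\Admin\Desktop\new orders.js"'},
    {"op": "RegQueryValue", "pid": "1",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "NetConnect", "pid": "1", "image": r"C:\Windows\System32\wscript.exe",
     "dst": "203.0.113.10:443"},
    {"op": "FileCreate", "pid": "1", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"op": "FileCreate", "pid": "1", "path": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"op": "ProcessCreate", "pid": "2", "image": r"C:\Users\Admin\AppData\Roaming\svchost.exe",
     "cmdline": r"C:\Users\Admin\AppData\Roaming\svchost.exe"},
    {"op": "RegSetValue", "pid": "2",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost"},
    {"op": "FileCreate", "pid": "2",
     "path": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.lnk"},
    {"op": "RegOpenKey", "pid": "2",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
]

# Script hosts that should not normally originate network traffic (assumed list).
BLOCKLISTED_NET_PROCESSES = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Registry and file-system locations each rule keys on (assumed, see lead-in).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
DRIVERS_DIR_RE = re.compile(r"\\System32\\drivers\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
OUTLOOK_PROFILE_RE = re.compile(r"\\Microsoft\\Office\\[\d.]+\\Outlook\\Profiles", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def classify(events: Iterable[Dict[str, str]]) -> List[str]:
    """Return the page's signature names, in first-hit order, for a trace."""
    hits: List[str] = []
    dropped: Set[str] = set()  # every file path written so far in the trace

    def hit(name: str) -> None:
        if name not in hits:
            hits.append(name)

    for ev in events:
        op = ev["op"]
        path = ev.get("path", "")
        if op == "FileCreate":
            dropped.add(path.lower())
            if DRIVERS_DIR_RE.search(path):
                hit("Drops file in Drivers directory")
            if STARTUP_DIR_RE.search(path):
                hit("Drops startup file")
        elif op == "ProcessCreate":
            image = ev.get("image", "").lower()
            # Correlation: the started image was written earlier in this trace.
            if image.endswith(".exe") and image in dropped:
                hit("Executes dropped EXE")
        elif op == "NetConnect":
            if basename(ev.get("image", "")) in BLOCKLISTED_NET_PROCESSES:
                hit("Blocklisted process makes network request")
        elif op in ("RegQueryValue", "RegOpenKey", "RegSetValue"):
            if op == "RegSetValue" and RUN_KEY_RE.search(path):
                hit("Adds Run key to start application")
            if GEO_KEY_RE.search(path):
                hit("Checks computer location settings")
            if OUTLOOK_PROFILE_RE.search(path):
                hit("Accesses Microsoft Outlook profiles")
    return hits


if __name__ == "__main__":
    for name in classify(EVENTS):
        print(name)
```

Run on the constructed trace, `classify` reproduces all seven behavioural signatures the report lists. The order of hits follows the trace, not the report, which is why the geofence lookup and the script host's network request appear before the persistence writes: in the trace the JScript stage runs first and the dropped executable installs persistence afterwards.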