General
-
Target
UPDATED SOA.js
-
Size
392KB
-
Sample
220816-hzdb8sgeh3
-
MD5
68d96b8efb44dbfafc5b211172701b24
-
SHA1
d0dc594d110229ed8b7facf3c5456400b557e473
-
SHA256
9f9766be676c58a1308d3995acc28415ff75acc4e0ffa289fd592eebcb8ecfcb
-
SHA512
5e1c596862d86bb9d63c47670b33b41c95f93e0937dd0891acc125e524fe52949b1580626aa22601c956e8eef57c8c031a68e92a5aefe6dff93bcdb651d3e10c
Static task
static1
Behavioral task
behavioral1
Sample
UPDATED SOA.js
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
UPDATED SOA.js
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.losbrothersconstruction.com - Port:
587 - Username:
[email protected] - Password:
508135Pry
Extracted
agenttesla
Protocol: smtp- Host:
mail.losbrothersconstruction.com - Port:
587 - Username:
[email protected] - Password:
508135Pry - Email To:
[email protected]
Targets
-
-
Target
UPDATED SOA.js
-
Size
392KB
-
MD5
68d96b8efb44dbfafc5b211172701b24
-
SHA1
d0dc594d110229ed8b7facf3c5456400b557e473
-
SHA256
9f9766be676c58a1308d3995acc28415ff75acc4e0ffa289fd592eebcb8ecfcb
-
SHA512
5e1c596862d86bb9d63c47670b33b41c95f93e0937dd0891acc125e524fe52949b1580626aa22601c956e8eef57c8c031a68e92a5aefe6dff93bcdb651d3e10c
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-