General
Target: PO_UIBHHX_1.js
Size: 21KB
Sample: 221003-jvdymsffbm
MD5: 88c6e84831b422b9d434b07bbbe79c59
SHA1: 70836ddd3f433ceeb4f41d0b838648128064ed9d
SHA256: b27c1193731a6b9945c21dd07602cd5a5dc97ff12066175b9864af4172f2238f
SHA512: 956e6f69292bbda69c92b39372a15c9464ec0ebb31cb91e6f9fb60b767238dfa1853d4a645b82c2c6e1e95cff75043bf7e31c652838e0175171b3a5de6167520
SSDEEP: 384:QljVAOQlKJhuGBQMHhGKYXzYaB7n1onTaeLc3vNTo1Hmu6jI/BA/oyJ2wko:YQoJP/5i91oVONTo1GiJA/32Fo
Static task: static1
Behavioral task: behavioral1
Sample: PO_UIBHHX_1.js
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: PO_UIBHHX_1.js
Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: dmkozlovd@yandex.ru
Password: Newton@22
Extracted: vjw0rm
http://kezs.duckdns.org:7974
Extracted: wshrat
http://kezs.duckdns.org:1604
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Adds Run key to start application