General
Target: Order_PO398524785.js
Size: 398KB
Sample: 221005-l7c8zseac6
MD5: 1fbdad6970b6d87cfe09d50ba8954c84
SHA1: 91519d480a627602bb4bccd8bc13c20734839a8e
SHA256: eb7fb84a49611c285605158c027c99274dd0c9e0814d47c8400b683fdd960246
SHA512: a3e4af6281381029a4c9a8d54dc9c0420d03f48e4994f6d3262f857035242a5c704f6f76c2536445c5cc8f236c8fb514cec2097e616f34520a686f6534c10cce
SSDEEP: 6144:ufkTb6uxdbaXizoY9Z4lwCjbUECLmOLtUtv:u6Xbrzvsly3sv
Static task: static1
Behavioral task: behavioral1
  Sample: Order_PO398524785.js
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Order_PO398524785.js
  Resource: win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.rzr0ngtai.com
Port: 587
Username: [email protected]
Password: KBRvm@q1
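The extracted config is the most immediately actionable part of this report: the sample is configured to push stolen data to smtp.rzr0ngtai.com over the SMTP submission port (587), so any outbound connection to that host or its parent domain from a workstation is a high-confidence indicator. The following is an added example, not code from the report or the sandbox: it parses the config lines exactly as listed above (the username stays redacted as on the page) and runs them against constructed connection-log lines. The log format, the log lines and the two-label registrable-domain rule are assumptions made for the example.

```python
"""Added example (not part of the sandbox report): turn the extracted
Agent Tesla SMTP config into a network IOC check over connection logs.
The log format and log lines below are constructed; the two-label
registrable-domain rule is a simplification."""
import re
from typing import Dict, List

# Extracted config exactly as listed on the report page (the username is
# redacted there and is left as-is here).
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: smtp.rzr0ngtai.com
Port: 587
Username: [email protected]
Password: KBRvm@q1
"""

# Constructed connection-log lines: "<ts> <src_ip> <dst_host> <dst_port> <proto>".
SAMPLE_LOGS: List[str] = [
    "2022-10-05T12:01:03Z 10.0.0.15 smtp.rzr0ngtai.com 587 tcp",
    "2022-10-05T12:01:09Z 10.0.0.15 mail.rzr0ngtai.com 25 tcp",
    "2022-10-05T12:02:00Z 10.0.0.22 smtp.office365.com 587 tcp",
    "2022-10-05T12:02:30Z 10.0.0.15 www.example.com 443 tcp",
]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<dst_host>\S+) "
    r"(?P<dst_port>\d+) (?P<proto>\w+)$"
)


def parse_config(text: str) -> Dict[str, str]:
    """Parse 'Key: value' lines into a dict with lower-cased keys."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores multi-label
    public suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def match_connections(cfg: Dict[str, str], logs: List[str]) -> List[Dict[str, str]]:
    """Return log entries that reach the C2 host or any host in its domain."""
    c2_host = cfg["host"].lower()
    c2_domain = registrable_domain(c2_host)
    hits: List[Dict[str, str]] = []
    for line in logs:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        host = m["dst_host"].lower()
        if host == c2_host:
            reason = "exact C2 host"
        elif registrable_domain(host) == c2_domain:
            reason = "same domain as C2 host"
        else:
            continue
        hits.append({"ts": m["ts"], "src": m["src"], "dst_host": host,
                     "dst_port": m["dst_port"], "reason": reason})
    return hits


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    for hit in match_connections(config, SAMPLE_LOGS):
        print(hit)
```

Matching on the parent domain as well as the exact host catches the operator rotating subdomains on the same mail server; the credentials in the config are for reporting to the mail provider and should not be used to log in.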
Targets
Target: Order_PO398524785.js
Size: 398KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)
AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer. Here the .js target drops and runs the payload (see "Executes dropped EXE" below), and the extracted config shows it is set to exfiltrate over SMTP.
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops startup file
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
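The signature names above are sandbox labels for host-level events; for detection engineering it helps to see which concrete events each one reduces to. The following is an added example and is not the sandbox's own signature engine: it replays a constructed Sysmon-style event stream for a .js loader that drops and runs a payload, and reports which of the six behaviours fire. The event records, the dropped-file name, the registry paths checked (the Geo\Nation key for the country code, the Outlook Profiles key, the Run key) and the blocklisted-process set are all assumptions made for the example.

```python
"""Added example (not the sandbox's own signature engine): a minimal
behaviour matcher showing what host events the signature names on this
report correspond to.  Events are constructed Sysmon-style records; the
registry paths and the blocklisted-process set are assumptions."""
from typing import Dict, List, Set

# Assumed set of script/LOLBin hosts whose outbound connections are suspicious.
BLOCKLISTED_PROCS: Set[str] = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed event stream for a .js loader that drops and runs a payload.
EVENTS: List[Dict[str, str]] = [
    {"type": "reg_read", "proc": "wscript.exe",
     "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "file_create", "proc": "wscript.exe",
     "path": "C:\\Users\\user\\AppData\\Roaming\\XQxsRT.exe"},
    {"type": "proc_create", "proc": "wscript.exe",
     "path": "C:\\Users\\user\\AppData\\Roaming\\XQxsRT.exe"},
    {"type": "reg_write", "proc": "XQxsRT.exe",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\XQxsRT"},
    {"type": "file_create", "proc": "XQxsRT.exe",
     "path": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\"
             "Start Menu\\Programs\\Startup\\XQxsRT.vbs"},
    {"type": "reg_read", "proc": "XQxsRT.exe",
     "path": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"},
    {"type": "net_connect", "proc": "wscript.exe", "path": "smtp.rzr0ngtai.com:587"},
]


def run_signatures(events: List[Dict[str, str]]) -> List[str]:
    """Replay events in order and return the sorted set of signature names hit."""
    dropped: Set[str] = set()   # executables written during the run
    hits: Set[str] = set()
    for ev in events:
        kind, proc, path = ev["type"], ev["proc"].lower(), ev["path"].lower()
        if kind == "file_create":
            if path.endswith(".exe"):
                dropped.add(path)
            if "\\start menu\\programs\\startup\\" in path:
                hits.add("Drops startup file")
        elif kind == "proc_create" and path in dropped:
            # only fires for an image the run itself wrote earlier
            hits.add("Executes dropped EXE")
        elif kind == "reg_write" and "\\currentversion\\run\\" in path:
            hits.add("Adds Run key to start application")
        elif kind == "reg_read":
            if path.endswith("\\international\\geo\\nation"):   # assumed key
                hits.add("Checks computer location settings")
            elif "\\outlook\\profiles" in path:                # assumed key
                hits.add("Accesses Microsoft Outlook profiles")
        elif kind == "net_connect" and proc in BLOCKLISTED_PROCS:
            hits.add("Blocklisted process makes network request")
    return sorted(hits)


if __name__ == "__main__":
    for name in run_signatures(EVENTS):
        print(name)
```

The ordering matters for "Executes dropped EXE": the process-create event only counts if the same path was written earlier in the stream, which is what separates a dropper from a benign script that happens to launch an existing binary. The Outlook profile key differs between Office versions, so a real rule should match the Profiles subtree rather than a fixed version number, as the substring check here does.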