General
Target: Order-POF561.js
Size: 4.4MB
Sample: 230522-krnjcafb76
MD5: 600ff23c99cac605541142deb6d59d08
SHA1: 609b030ed3ab2d856533efb140505ef77ab45e27
SHA256: b7c5d83bcb09217db3593681c1aab762b936b6bdcdef4c89b155ed5456d2224f
SHA512: f5143ca822ee39815cd7fd4e940451e3cf7a19ab6afc8052a2ce8b66525074c50033ae244de9950c4b30162d524972037ff0ea5f941663b8ab4377d73a6fd286
SSDEEP: 24576:SnSV1KQRkYy4g47ycfEVP75BupG6wcBRpY3xxc9pURy26cJ39ftFvxwv9NeiObv4:GC
Static task: static1
Behavioral task: behavioral1
Sample: Order-POF561.js
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: Order-POF561.js
Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.rzr0ngtai.com
Port: 587
Username: ofm@rzr0ngtai.com
Password: TRhkGVZ4
Email To: ofm@rzr0ngtai.com
Targets
Target: Order-POF561.js
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Blocklisted process makes network request
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Drops startup file
Executes dropped EXE
Accesses Microsoft Outlook profiles