General
- Target: ff9217b4b482b604d5c89e9c8418a627fca4ad739cdc62d3f17da48aceaff19b.js
- Size: 1KB
- Sample: 240610-nkbgzsgh9z
- MD5: b0ce1ca2c611fe78fae0b7d46feb25c5
- SHA1: 739448dbaa22c6d1f3b12b688faaf99604bd1ca4
- SHA256: ff9217b4b482b604d5c89e9c8418a627fca4ad739cdc62d3f17da48aceaff19b
- SHA512: a85227207b00a5697756c02b5ad31fac5344688f0b41dd703ed6d40f32adeea724b6f63e7ee25738089aadf79aac207e0de800eecb83bb6ae0a17d51a406703b
Static task: static1
Behavioral task: behavioral1
- Sample: ff9217b4b482b604d5c89e9c8418a627fca4ad739cdc62d3f17da48aceaff19b.js
- Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.albuspsikoloji.com.tr
- Port: 587
- Username: [email protected]
- Password: Bukky101@
- Email To: [email protected]
Targets
- Target: ff9217b4b482b604d5c89e9c8418a627fca4ad739cdc62d3f17da48aceaff19b.js (1KB; hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext