General
-
Target
REF DOCUMENTS.js
-
Size
30KB
-
Sample
240916-rl9myssana
-
MD5
86185d6d160eabe88692b9dbf3ff3e71
-
SHA1
66cf746399849a72487a7ce9f8dd652d982a72bd
-
SHA256
af448bd9c6a6315bfa00b0301e57545cffe8ed75d30fbd18fdbd4cec606283b7
-
SHA512
15da27ecca298442aded5ad4a5a45522880013e7f9906d386167b27ad9439d08ecafdfd6c3de638bc3719d46d89f45116cf560772db11d3aae420cfbf059bd3e
-
SSDEEP
768:OVWm9aFqK2YmaQ4Vg4vf4bQuvAsBvPquk6Q:Omkk6Q
Static task
static1
Behavioral task
behavioral1
Sample
REF DOCUMENTS.js
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
REF DOCUMENTS.js
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
162.254.34.31 - Port:
587 - Username:
[email protected] - Password:
M992uew1mw6Z - Email To:
[email protected]
Targets
-
-
Target
REF DOCUMENTS.js
-
Size
30KB
-
MD5
86185d6d160eabe88692b9dbf3ff3e71
-
SHA1
66cf746399849a72487a7ce9f8dd652d982a72bd
-
SHA256
af448bd9c6a6315bfa00b0301e57545cffe8ed75d30fbd18fdbd4cec606283b7
-
SHA512
15da27ecca298442aded5ad4a5a45522880013e7f9906d386167b27ad9439d08ecafdfd6c3de638bc3719d46d89f45116cf560772db11d3aae420cfbf059bd3e
-
SSDEEP
768:OVWm9aFqK2YmaQ4Vg4vf4bQuvAsBvPquk6Q:Omkk6Q
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-