General
Target: aa3055d86e518dadbeb1ab3c07d22571cb2cd693f430abc33cb0118ad08a8d7d
Size: 429KB
Sample: 220520-31vm5ahhb5
MD5: 6d3661b65c2298fef0b216eff18cc8e7
SHA1: 9134dbe93aba1ee2d0c35a9acaa1c1c3fd43dbc2
SHA256: aa3055d86e518dadbeb1ab3c07d22571cb2cd693f430abc33cb0118ad08a8d7d
SHA512: 6a04d74a72daeac9dfb9897e39161fe3885d4b7329fbe4ec655cf93460973d94662f186d1d1d23a963d126dfaa711f8d1a65c6cd11764f8f864375939146b98e
Static task: static1
Behavioral task: behavioral1
Sample: Mediform SA Order 0508202.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Mediform SA Order 0508202.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: drsaint1992101
Targets
Target: Mediform SA Order 0508202.exe
Size: 650KB
MD5: cacf4def20c8374bb74aad23be229333
SHA1: 6a6e74dca12a1863f110ef1e7e97fcadce79c5d5
SHA256: c1a8d05e6b798ccd18334ab7461cc276bdc3603f35d3186b90bfcb9597ada240
SHA512: 1a16de241584bf6b5c71c0e0e9919e40a6eda18826bd5dbaf82c2a6eff9a7f14aecbe4351f6f9386a72611cd85d83e026b1da957cd5b93165a063439e0be3c58
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext