General
Target: b6b6059edc4a5ff71a5f20de98924dafce4015e0846044c0f28e3d86f4028680
Size: 395KB
Sample: 220520-3btpjagfa3
MD5: 52202a5ae5cd35965fb8accde5f8a795
SHA1: abf26909866b9226ee2c9a16cc2386943b64924a
SHA256: b6b6059edc4a5ff71a5f20de98924dafce4015e0846044c0f28e3d86f4028680
SHA512: f52d893d66d35f8af6c851079f8266bd7902750be641e818d222c8661990d55a2c619ae5aeb8afa3d5610e9a51b0fc4491d4b6a3d69ac1cc3cd7c4c36f622653
Static task: static1
Behavioral task: behavioral1
Sample: Mediform SA Order 07082020.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Mediform SA Order 07082020.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted (agenttesla)
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: drsaint1992101
Extracted
Protocol: smtp - Host: smtp.yandex.com - Port: 587 - Username: [email protected] - Password: drsaint1992101
Targets
Target: Mediform SA Order 07082020.exe
Size: 433KB
MD5: 1feec404f7d6d4e186317e75426be384
SHA1: 9d03659a899d900688733c51d04f263179f76afa
SHA256: 50529809a9b92f2b353e94a27b850f7be76f820c9a413a5968d686026936c133
SHA512: 365fbe02de6112915a48948769e3bb3d295eb8d3a39cd8ee110ef977b5a3adbff3e28d56349a507d49cd47d100a50da9bd43f706f6c3ad0dae46c7cf1fb1e12f
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext