General
- Target: 0bb09694c6d22f4bc519e0d12d5216a258e769995067ddec593361c4ee30a004
- Size: 408KB
- Sample: 220520-3dznkabfem
- MD5: 2af6c0b648c19a620f1276144df9416d
- SHA1: eea7dba23183420589f8fd72c2605e8d237a817f
- SHA256: 0bb09694c6d22f4bc519e0d12d5216a258e769995067ddec593361c4ee30a004
- SHA512: 883ff76124df210757a612da59081bb005e773c8aa8a3506b44b2b21f576f45265d6a8be69e91dcb3ef013e0b68dd666363577f12c8a821d708301578798065b
Static task: static1
Behavioral task: behavioral1
- Sample: MEDIFORM SA COMPANY PROFILE.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: MEDIFORM SA COMPANY PROFILE.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101
Extracted
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: drsaint1992101
Targets
- Target: MEDIFORM SA COMPANY PROFILE.exe
- Size: 475KB
- MD5: e9ac5fe9b46821f9e8a12cb1385ef269
- SHA1: c28330817a372e939dfc292c836b60899cb1ddb4
- SHA256: 78a7af5fd687bb9a30a9c0d303c9e4350772633d9187ff041b54fba6117f3cc7
- SHA512: 3e205855261e591e99c406f0ecd45424f8176c7bddfc21efb5ec4e94e2d4bddbfdbbe29f1d3a6434839ca805be309df034f52d9c1d81e811298642938fd65991
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext