General
- Target: 0c11f2f59990e9ef2c7439bc83da55fb0f7adfcdf19635e62f0356787e43a9c2
- Size: 491KB
- Sample: 220521-bcczmaegbl
- MD5: 5c7bf06c5f2880bfd3b6ed0f71b9b4e5
- SHA1: adc8e9bb85b71ca1be3d03942315cb69054a9fbd
- SHA256: 0c11f2f59990e9ef2c7439bc83da55fb0f7adfcdf19635e62f0356787e43a9c2
- SHA512: 57ecf384e339318cc95b8ab5540e2685d44221b9b9037f661ab7856e38edf8dbadae03982f64804142892ee1e3997a6018a758421fae4312a9bb7425b90438aa
Static task
- static1
Behavioral task
- behavioral1
- Sample: MEDIFORM SA COMPANY PROFILE.exe
- Resource: win7-20220414-en
Behavioral task
- behavioral2
- Sample: MEDIFORM SA COMPANY PROFILE.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
- Family: agenttesla
- Protocol: smtp
- Host: smtp.yandex.com
- Port: 587
- Username: [email protected]
- Password: D0OHs@WA7%(x
Targets
- Target: MEDIFORM SA COMPANY PROFILE.exe
- Size: 530KB
- MD5: 76d8613a1f8e6d4ee26f371216e0b9dd
- SHA1: ec34d3e46733b924109b2b497c2d71af5a7a068c
- SHA256: b502f774e9192f77aa713347f2747b67df5a473be721226bf0b2d98bdff8a835
- SHA512: 1b86dd970e23f9a7ffa094310bf961c9349f37594a3bb009700c04b38ea7a9e3ec06263283eb05ced114d92c87684d75bb1c787f263f95cf6838dc51ca0cbd7c
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext