General

  • Target

    0c11f2f59990e9ef2c7439bc83da55fb0f7adfcdf19635e62f0356787e43a9c2

  • Size

    491KB

  • Sample

    220521-bcczmaegbl

  • MD5

    5c7bf06c5f2880bfd3b6ed0f71b9b4e5

  • SHA1

    adc8e9bb85b71ca1be3d03942315cb69054a9fbd

  • SHA256

    0c11f2f59990e9ef2c7439bc83da55fb0f7adfcdf19635e62f0356787e43a9c2

  • SHA512

    57ecf384e339318cc95b8ab5540e2685d44221b9b9037f661ab7856e38edf8dbadae03982f64804142892ee1e3997a6018a758421fae4312a9bb7425b90438aa

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    D0OHs@WA7%(x

Targets

    • Target

      MEDIFORM SA COMPANY PROFILE.exe

    • Size

      530KB

    • MD5

      76d8613a1f8e6d4ee26f371216e0b9dd

    • SHA1

      ec34d3e46733b924109b2b497c2d71af5a7a068c

    • SHA256

      b502f774e9192f77aa713347f2747b67df5a473be721226bf0b2d98bdff8a835

    • SHA512

      1b86dd970e23f9a7ffa094310bf961c9349f37594a3bb009700c04b38ea7a9e3ec06263283eb05ced114d92c87684d75bb1c787f263f95cf6838dc51ca0cbd7c

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • AgentTesla Payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks