General
Target: Bdf.exe
Size: 691KB
Sample: 220522-fzqw8afee3
MD5: 4356ec13f3ecf498927e9201c486efe8
SHA1: 629d568f17687fba89d7d9af41e2f1669bdbc828
SHA256: 839fe50643326105b4a44193db365e347eebdb98fd9cbdb22b26fb64589605a7
SHA512: 2906140ada60b565c990122bc3e82252440a30a3940318a4c06340a860a14833b18a8e9e744cc0a693213cb838e73d5c097858a7eb059eebe0656634a9624d16

Static task: static1
Behavioral task: behavioral1
  Sample: Bdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: Bdf.exe
  Resource: win10v2004-20220414-en

Malware Config
Extracted: agenttesla
  https://api.telegram.org/bot5160342877:AAG7aI_cOY3UzpErIEUdfVUJMJszvGYLIiI/sendDocument
Targets
Target: Bdf.exe
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext