General

  • Target

    2c243d31fa812a2b4d5522a910aff736421c09a28622a95df6be257f6817a75c

  • Size

    2.3MB

  • Sample

    240522-b24hwagd9z

  • MD5

    2dd83e57578f45f7e71f53da4895de17

  • SHA1

    bfb1c366ece2d1f6e645356b64c63425dc973140

  • SHA256

    2c243d31fa812a2b4d5522a910aff736421c09a28622a95df6be257f6817a75c

  • SHA512

    1951e94895ade59fdf059a6c0c8a3142072e76882da91e83c36a950a39f263ae82281b0831e50e4dc596e7a767161cf54e04a1dda64c8fa4891ebc0e8696baa3

  • SSDEEP

    24576:+J/fwRx5DOae9+2hNqt6g/aX2uPy9zC0ujBlMPEUYL3Ypji43jx/Et0hXWrdmApc:DDr2fqsKaX2aeuoMUfnRE7V7CG+/B9ck

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.medicalhome.com.pe
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    MHinfo01

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • UAC bypass

    • Windows security bypass

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks