Overview

Overall score: 10/10
Static analysis score: 8/10

General

Target:  IoC.zip
Size:    715KB
Sample:  211018-yz99zaeeg9
MD5:     db5f390d1104ae90448dec22b18c4b6a
SHA1:    f8ca434c9f5753d39ce1543c416c29e19e67b9d1
SHA256:  889647fa41dbe3f6f5ca5c356d021e2ca89516d7494c8c4c8cd909e65214794f
SHA512:  edf55672fadbaf0e5cdec03b05c5c77053c07595293e1eb0b2092775ae3f80fb58d0644e3ed76c386d84a772021f532d2a053d7bc63cc02708982076eb4de429

Analysis tasks

Task           Sample                               Resource            Score
static1        (static analysis of IoC.zip)         -                   8/10
behavioral1    IoC/004144376948_4.xls               win7-en-20211014    1/10
behavioral2    IoC/004144376948_4.xls               win10-en-20210920   1/10
behavioral3    IoC/004146831131_4.xls               win7-en-20210920    1/10
behavioral4    IoC/004146831131_4.xls               win10-en-20211014   1/10
behavioral5    IoC/004149453535_4.xls               win7-en-20210920    1/10
behavioral6    IoC/004149453535_4.xls               win10-en-20211014   1/10
behavioral7    IoC/004151080639_4.xls               win7-en-20210920    1/10
behavioral8    IoC/004151080639_4.xls               win10-en-20211014   1/10
behavioral9    IoC/004172770391_4.xls               win7-en-20210920    1/10
behavioral10   IoC/004172770391_4.xls               win10-en-20210920   1/10
behavioral11   Scan0035.exe                         win7-en-20211014    10/10
behavioral12   Scan0035.exe                         win10-en-20210920   10/10
behavioral13   Schenker Italiana S.p.A. CW305.exe   win7-en-20211014    10/10
behavioral14   Schenker Italiana S.p.A. CW305.exe   win10-en-20210920   10/10
Malware Config

Extracted family: agenttesla

Protocol:  smtp
Host:      mail.rapidmail.ec
Port:      587
Username:  [email protected]
Password:  icui4cu2@@
Targets

Target:  IoC/004144376948_4.xls
Size:    58KB
MD5:     f480fc1afe995ae4cafcb89b83295d88
SHA1:    441f53d97186305891267b6b98382f2a0fa180b7
SHA256:  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
SHA512:  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score:   1/10

Target:  IoC/004146831131_4.xls
Size:    58KB
MD5:     f480fc1afe995ae4cafcb89b83295d88
SHA1:    441f53d97186305891267b6b98382f2a0fa180b7
SHA256:  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
SHA512:  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score:   1/10

Target:  IoC/004149453535_4.xls
Size:    60KB
MD5:     f64066fff51a9027fdcc09cc945348f1
SHA1:    09dfe19460e834da02a1907c22e467d187ba0db9
SHA256:  f9d4af4f518410fbbff3f83d253dae9cfa1169995ac502ebc5d33752bd44132d
SHA512:  15441d60dcbf65fdf17c0fe9414b0f5394c5a4105b9d5ef49c51ae3f234e52ad28a3af611e65436d00ecbde56fa5743f0b67473c818eb0d4427bb6a74c61475e
Score:   1/10

Target:  IoC/004151080639_4.xls
Size:    58KB
MD5:     f480fc1afe995ae4cafcb89b83295d88
SHA1:    441f53d97186305891267b6b98382f2a0fa180b7
SHA256:  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
SHA512:  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score:   1/10

Target:  IoC/004172770391_4.xls
Size:    58KB
MD5:     f480fc1afe995ae4cafcb89b83295d88
SHA1:    441f53d97186305891267b6b98382f2a0fa180b7
SHA256:  d29f6c42fa70b462166272142d33012c41c471ea2c02943fae147fbccd5420aa
SHA512:  b5ea9a01308a6b84d89ba573a0a1957c448ea9e126323e748dfdae1caafbeed67d88188e3256799c40b5c0665370ff65985a41c38a0cdd2ff6fc6d30000c85f5
Score:   1/10

Target:  Scan0035.exe
Size:    378KB
MD5:     4a5b5548aaac6cd43db49ddb7ea3366a
SHA1:    66ed951f8f61eac27e44d2df5f620c165c3bc5c6
SHA256:  f05fb8e19bb59ac7d58eee5d0461c9e446b0d9f07c824ebac75c3758752918db
SHA512:  50ea6daa44858c683884f1f5cfd5d849905fa6a1ffbf2c255c701e2820daafbbaba5888c2464dd26ce0eff063603320f1a8d522d014b260d4e9f799a8a506160
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext

Target:  Schenker Italiana S.p.A. CW305.exe
Size:    136KB
MD5:     f9387f159f97d49649d1e6b34802dd3f
SHA1:    b0f8090cb04a59d08e355553162a7fad645a3a4e
SHA256:  0af20465dac642791831be79702b7c4cbf204f170b8441ab001a7519eb6dc45c
SHA512:  e6a507398a4ed6279212c670ede75c25f47e82a04ef86f9f2ce7fb9fd64879a1c9bac17eaa2a0fe04bd5778d6da1167458f6716a984273820111daa70589f92c
Score:   10/10