General
Target: MV THALASSINI (EX- OCEAN LORD).doc.exe
Size: 894KB
Sample: 211202-rrwy2shfgm
MD5: 4b70ce8188818a2af2012d5873d41427
SHA1: 1ecffa65239684b2dd8aad9af1f492abae1abf9d
SHA256: 36db74b3ae7fee8c2acb570837c772d62274a96c4767ba01cab7540942d2788f
SHA512: fee0bb6584f39af192ec72f59afa17f40bc18e7f26b0e9d16842765fc2ab76fbf0046cfce8918109646ca2e420e0700d07cc16c1d18dd8f977d437e045665c0e
Static task: static1
Behavioral task: behavioral1
Sample: MV THALASSINI (EX- OCEAN LORD).doc.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: MV THALASSINI (EX- OCEAN LORD).doc.exe
Resource: win10-en-20211104
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gurnarshipping.com
Port: 587
Username: zzlogs@gurnarshipping.com
Password: lSeZyYA0
Targets
Target: MV THALASSINI (EX- OCEAN LORD).doc.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext