General
Target: b6c6e4e30228a0d456f676303b0e9a71432bed674cb11a749f0a018fce862204
Size: 1.2MB
Sample: 220521-bpvefafccq
MD5: 66afe2da6b4a7089e822abf3086c15b1
SHA1: b93d2c51568632075371d3dc0e7cc7af5a23f4aa
SHA256: b6c6e4e30228a0d456f676303b0e9a71432bed674cb11a749f0a018fce862204
SHA512: 58b50ccce5561dbaeb8f83afccc40c19032a7fc1faa324761b8b3cecea30079b7dfa0eecf41b19b7adb31140f5100112e370f57d4af89aca92c70b59bcc5a5b1
Static task: static1
Behavioral task: behavioral1
Sample: LULUZHEO.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: LULUZHEO.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: LULUZHEO.EXE
Size: 449KB
MD5: ebeddd594f603b5bdb8423e5c66c6173
SHA1: 6d2c7b328ed3052e9df7c6e78a5de31689b3139a
SHA256: 42f0c2ab662dc2394eeb19056564b07ea7caf76e9b5a67ce8f44f99c99524098
SHA512: e06f71193183c2002f71727a2f7d6df59ae29a2afacf533682cc3e38c6cf198f88e6fcb8501736d3360b27f949b6bfc38f20fda1f59d5b92536a995d5eb10002
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a BitMap object, which is later decrypted.
AgentTesla Payload
CoreCCC Packer: Detects the CoreCCC packer used to load .NET malware.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Accesses Microsoft Outlook profiles