General
Target: 1a1649fe96f3711a5af037918c440701ac828722879d118e12e761541c266490
Size: 759KB
Sample: 220521-bxv1yacfd4
MD5: 2e22eadb2945460207f501017ff6d6ba
SHA1: e793f18fd7e3699f6602df3865b3746a5a7b4b61
SHA256: 1a1649fe96f3711a5af037918c440701ac828722879d118e12e761541c266490
SHA512: 165db6e63b56da0690ed10e500610d9885b1619f74d650a34c54bf6c2e67ebacde2ea0d6f811253b3163b7e50ccf22ba73a6c2ed8d54da02c2c7e8f97f9e3d48
Static task: static1
Behavioral task: behavioral1 (Sample: 5X40ft Containers.exe; Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: 5X40ft Containers.exe; Resource: win10v2004-20220414-en)
Behavioral task: behavioral3 (Sample: Invoice.exe; Resource: win7-20220414-en)
Behavioral task: behavioral4 (Sample: Invoice.exe; Resource: win10v2004-20220414-en)
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: coronavirus2020
Extracted
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: coronavirus2020
Targets
Target: 5X40ft Containers.exe
Size: 447KB
MD5: 21392c35fff25aa5aca7dd5b38d07db3
SHA1: 110c61ea53ecc080b4871b348f4a524ae8723d89
SHA256: cebc844f3daddf87ea7763dafad1989b62052fe2264a4eb2ed9438e67789bc72
SHA512: bdb0501766036cc598350d7450ecf7903881e810e5b8067c0ac723ac665e8570d24ea3094a339dbc01bcb0658b21a36e59553ae3bf4c9c960d756ad1377b60ee
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
Target: Invoice.exe
Size: 430KB
MD5: cd9794b192b65afe8eb044f5da433695
SHA1: ce0c3552c8da19531b70150f6e406528c45549de
SHA256: ef96df6ea910efa18ab195dcdc724bb1f405d520862da83da33ce31a7f405c47
SHA512: e246255c1fc3149b1d0312df95721a455b1e084bf79ca561bffffba6b3d286adad21604b6d497c71ebadfdc8e25e14c4e84f2ba28f4fbe817fe011e7ebea0ab9
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext