General
Target: 83532bb6a24d4eb669d3655d94345e3b44df39025e8c4ad024d5365575a70fe2
Size: 1.4MB
Sample: 220521-n49h5aefc8
MD5: 6eaeb10b60ff1d30184145fa7b821c92
SHA1: c86fe34f3bce6094060d908dd725f0d5ed684731
SHA256: 83532bb6a24d4eb669d3655d94345e3b44df39025e8c4ad024d5365575a70fe2
SHA512: 816a8203a8f32039ba163c6a3d7b47321158cdda9af9fe5f781578bcb6c30dddcf22b419631b0b65e980e42ec4e7f6c261865216f25864f6a7658a658687e56c
Static task: static1
Behavioral task: behavioral1
Sample: MAERSK KLEVEN V.949.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: MAERSK KLEVEN V.949.exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: MAERSK KLEVEN V.949.exe
Size: 3.9MB
MD5: 21eda5c3a9b012e0ae18f446da1b9eeb
SHA1: 0b01392f53c0fe65952495ba14af70420d2c5853
SHA256: f1f8cbfc6921ce73c2c3668b2fded2a1bdb3cf8d5434f23090840115188fd7b9
SHA512: 74ae6555b9329bc549bd686f9d861b2d09bf0030b07a1289801bef239751c770fcb3ef729e6bcf724f32a6869893bb119480d3680e78b6be5bccc770bf517c18
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Modifies WinLogon for persistence
AgentTesla Payload
Drops startup file
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext