General
Target: eeff507400372a416a8115c24438df82c39d7e500582e8c978b4ce729f8bb9ca
Size: 522KB
Sample: 220521-ndqnbsded9
MD5: 5ff0931e7415967430c614f884442eb7
SHA1: 5f385724acf8918ff12de511051be6f923167de6
SHA256: eeff507400372a416a8115c24438df82c39d7e500582e8c978b4ce729f8bb9ca
SHA512: e8fe830c284ddc78826f17c9eff488a01f100afe675e63c15ccf053608b56c8355ca645e1d5c05a59d666d8136a845f847d8d5165b7e804e00726434cd820d73
Static task: static1
Behavioral task: behavioral1
  Sample: MV_NAVIOSRAYpdf.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: MV_NAVIOSRAYpdf.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: secure231.servconfig.com
Port: 587
Username: info@eltaef.com
Password: eltaefSH6548883
Targets
Target: MV_NAVIOSRAYpdf.exe
Size: 634KB
MD5: e80127d7e94474e0e5d135066872ea81
SHA1: 476f222ec504cfe5bd6753a4e842edfa4b057ab9
SHA256: 16b640035421f4d02280a93e7eb442c0a6e933b34eb56b7a65365b154cbe7dbe
SHA512: 7701883511820dd01ff663ae3f568945147a4acddb0e74d21eb725fbbf7345f5f072432e5385d78343fbf934604ff8d18f2122a9cde34bfab9b857f675f7bdf8
Signatures
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Checks computer location settings
Looks up the country code configured in the registry, likely used for geofencing.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext