General
-
Target
da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3
-
Size
1.4MB
-
Sample
220521-nxklesecc9
-
MD5
67f49e016549b9c96cb1c66da62b38d1
-
SHA1
a7ee44386bdbf54a720fc2b1988e172ce43dc9b2
-
SHA256
da6761f510410bffddc3d88f53c4a63f2be0c56eee45e5c8f2d82081d84d14d3
-
SHA512
14c2069a8d675b9b19f5ad96667e26bbf0c90b1d3153eb9bd9572d37623cecdcf9f846f6c5e73fd902616b95b56630bc6af4a3d2081de7fc79d6a2bab96b0c33
Static task
static1
Behavioral task
behavioral1
Sample
Invoice 2078654.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Invoice 2078654.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Invoice 4907856.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Invoice 4907856.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
pictures.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
pictures.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: coronavirus2020
Extracted
matiex
Protocol: smtp
Host: smtp.privateemail.com
Port: 587
Username: [email protected]
Password: coronavirus2020
Email To: [email protected]
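Both extracted configs point at the same SMTP submission endpoint, which is the one network indicator this report yields (the mailbox name is elided on the page). The following is an editor-added example, not the sandbox's or the malware's own code, that turns that config into indicators and matches them against constructed log lines. The key=value log format (loosely Zeek conn/dns style) and the log lines themselves are assumptions made for the example.

```python
"""Turn the SMTP exfiltration config extracted above into network indicators and
match them against log lines.

Editor-added example; this is neither the sandbox's code nor the malware's.
The key=value log format is an assumption (loosely Zeek conn/dns style) and the
log lines are constructed for the example. The report elides the mailbox name
("[email protected]"), so only host and port are used as indicators.
"""
from collections import defaultdict
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
EXFIL_CONFIG = {
    "agenttesla": {"protocol": "smtp", "host": "smtp.privateemail.com", "port": 587},
    "matiex": {"protocol": "smtp", "host": "smtp.privateemail.com", "port": 587},
}

# Constructed sample log (not from the report): one host resolves the exfil
# server and submits mail to it, a second host only browses to it on 443 and
# then submits mail to the second resolved address.
SAMPLE_LOG = """\
ts=1653040001 type=dns id.orig_h=10.0.0.25 query=www.example.org answers=93.184.216.34
ts=1653040002 type=dns id.orig_h=10.0.0.25 query=smtp.privateemail.com answers=198.51.100.7,198.51.100.8
ts=1653040003 type=conn id.orig_h=10.0.0.25 id.resp_h=93.184.216.34 id.resp_p=443 proto=tcp
ts=1653040004 type=conn id.orig_h=10.0.0.25 id.resp_h=198.51.100.7 id.resp_p=587 proto=tcp
ts=1653040005 type=conn id.orig_h=10.0.0.40 id.resp_h=198.51.100.7 id.resp_p=443 proto=tcp
ts=1653040006 type=conn id.orig_h=10.0.0.40 id.resp_h=198.51.100.8 id.resp_p=587 proto=tcp
"""


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    dst: str
    port: int
    host: str
    families: tuple  # malware families whose config points at (host, port)


def indicators(config):
    """Collapse per-family configs into {(host, port): [family, ...]}."""
    by_endpoint = defaultdict(list)
    for family, c in config.items():
        by_endpoint[(c["host"].lower(), int(c["port"]))].append(family)
    return {k: sorted(v) for k, v in by_endpoint.items()}


def parse_kv(line):
    """Split 'k=v k=v ...' into a dict; tokens without '=' are ignored."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def scan(log_text, config):
    """Match conn records against the indicators.

    Conn records carry IPs while the indicator is a hostname, so DNS answers
    seen earlier in the log are used to map responder IPs back to the name.
    """
    ioc = indicators(config)
    resolved = {}  # responder IP -> hostname it was returned for
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        ev = parse_kv(line)
        if ev.get("type") == "dns":
            for ip in ev.get("answers", "").split(","):
                if ip:
                    resolved[ip] = ev.get("query", "").lower()
        elif ev.get("type") == "conn":
            dst = ev.get("id.resp_h", "")
            port = int(ev.get("id.resp_p", 0))
            host = resolved.get(dst)
            families = ioc.get((host, port))
            if families:
                hits.append(Hit(line_no, ev.get("id.orig_h", ""), dst, port, host, tuple(families)))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG, EXFIL_CONFIG):
        print(f"line {h.line_no}: {h.src} -> {h.dst}:{h.port} ({h.host}) matches {', '.join(h.families)}")
```

Two caveats for anyone deploying this. A conn record to the right IP and port with no preceding DNS answer does not match, which is deliberate: the hostname is the indicator, and the IPs behind a shared mail provider's submission endpoint change. Conversely, host plus port 587 alone is a weak signal on a network whose users legitimately submit mail through the same provider, so pair it with the mailbox name from a fully decrypted config or with the MAIL FROM/RCPT TO fields of an SMTP log where those are available.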
Targets
-
-
Target
Invoice 2078654.exe
-
Size
584KB
-
MD5
305169143f17a668f43eba80eba3e4b7
-
SHA1
244054c432b355b8cbddd0ce3928e72b684a59ef
-
SHA256
40c2c761bdc8603d5bc7c0ef1668a16b7a6a9de062268418e53c8b399fa33adb
-
SHA512
da444bfed98e406cbf5fb3848b4e59095dd03e2be4c3bd998dd198282db30bc3cd22847677758ac87ba2f9e3312daa836cd627877cfacf605c8d4ddcb643cae2
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET; this sample is configured to exfiltrate over SMTP (see Malware Config above).
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
Invoice 4907856.exe
-
Size
598KB
-
MD5
cfe01269c178fea11b28130dd457c43e
-
SHA1
589c257ca5f0be53af4160bbd67c6a4dd01c8ae6
-
SHA256
40cf3214cd412e73955af3a64b3e61691ec44f3ee6bd8031ea37e69dce07b393
-
SHA512
7077c264debdbc5aa67e5d183eeaeb827360ecd886cce8bb24a7d93733bb33fad392dff3d2aa5a8854d9ecef70cde94510504e9eed7a5c8bb2d5145763374087
-
AgentTesla
Agent Tesla is a .NET information stealer and remote access tool (RAT), originally written in Visual Basic .NET; this sample is configured to exfiltrate over SMTP (see Malware Config above).
-
AgentTesla Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
pictures.exe
-
Size
720KB
-
MD5
80e998b0d647b192f3d888cfacd01f34
-
SHA1
7902df564b9570835e54206ea2df187b9bce61a0
-
SHA256
de44283f7ccd395563808b6959085c30fad50e32d8a016b201c492f1f92e41d6
-
SHA512
6936fa0066d1dc97d9c133ba9c3cea97d103c0099eec872f59e99d175f9a1e8fbfdd7f04fb0ca74e01dd6ce5af91dc81ba1e308bf590f2a2001c0fc86652aca0
Score: 10/10
Matiex Main Payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
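The three targets share the same behavioural signatures (registry country-code lookup, Outlook profile access, external IP lookup and cross-process SetThreadContext), and individually each is common in benign software. The following editor-added example, not code from the sandbox or the malware, correlates those behaviours per process over a constructed event stream so that only a process showing most of them is flagged. The event format, the registry paths matched and the list of IP lookup services are assumptions; the report names none of them.

```python
"""Correlate the behaviours this report lists for the samples (registry country
code lookup, Outlook profile access, external IP lookup, SetThreadContext) over
a stream of process events.

Editor-added example, not part of the report. The event format, the registry
paths matched and the IP lookup service list are assumptions.
"""
from collections import defaultdict

# Registry locations a geofence check would read (assumption: the user's
# country code under Control Panel\International\Geo, locale data under Nls).
GEO_KEYS = ("\\control panel\\international\\geo", "\\control\\nls\\")
# Outlook profile hive, any Office version (assumption).
OUTLOOK_PROFILE_MARK = "\\outlook\\profiles\\"
# Public "what is my IP" services commonly abused by stealers (assumption).
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ifconfig.me"}


def classify(ev):
    """Map one event to a behaviour name from the report, or None."""
    kind = ev.get("event")
    if kind == "RegistryRead":
        key = ev.get("target", "").lower()
        if any(k in key for k in GEO_KEYS):
            return "checks_computer_location"
        if OUTLOOK_PROFILE_MARK in key:
            return "accesses_outlook_profiles"
    elif kind == "DnsQuery" and ev.get("query", "").lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    elif kind == "ApiCall" and ev.get("api") == "SetThreadContext":
        # Only count a context change in another process (the process
        # hollowing pattern); a process touching its own threads is normal
        # for debuggers and runtimes.
        target = ev.get("target_pid")
        if target is not None and target != ev.get("pid"):
            return "setthreadcontext_on_other_process"
    return None


def correlate(events):
    """Return {pid: sorted behaviour names} for every process that showed any."""
    seen = defaultdict(set)
    for ev in events:
        name = classify(ev)
        if name:
            seen[ev["pid"]].add(name)
    return {pid: sorted(names) for pid, names in seen.items()}


def flag(per_pid, threshold=3):
    """PIDs showing at least `threshold` distinct behaviours from the report."""
    return sorted(pid for pid, names in per_pid.items() if len(names) >= threshold)


# Constructed sample events (not from the report). PID 4212 mimics the chain
# the sandbox reported for pictures.exe; the other two are benign noise.
SAMPLE_EVENTS = [
    {"pid": 4212, "image": "pictures.exe", "event": "RegistryRead",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4212, "image": "pictures.exe", "event": "RegistryRead",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 4212, "image": "pictures.exe", "event": "DnsQuery", "query": "checkip.dyndns.org"},
    {"pid": 4212, "image": "pictures.exe", "event": "ApiCall", "api": "SetThreadContext", "target_pid": 4300},
    # Outlook reading its own profile store.
    {"pid": 1180, "image": "outlook.exe", "event": "RegistryRead",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    # A browser asking for its public IP.
    {"pid": 2044, "image": "firefox.exe", "event": "DnsQuery", "query": "api.ipify.org"},
]


if __name__ == "__main__":
    per_pid = correlate(SAMPLE_EVENTS)
    for pid in flag(per_pid):
        print(pid, per_pid[pid])
```

The threshold is the tuning knob: each behaviour on its own matches mail clients, browsers and debuggers, so the value lies in requiring several of them from one process, and a cross-process SetThreadContext combined with any of the others is worth alerting on even below the threshold.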