General
Target: da25b17eacaad0e09503e7728c91ca8a07bc6ebf1a4f4fe43504b02e18331f16
Size: 332KB
Sample: 220521-ny7gksheak
MD5: 75ebcb3e28e71dd5430813485eff8c7c
SHA1: f45709e866654727915f2c7154e4ef3d8fb8ca84
SHA256: da25b17eacaad0e09503e7728c91ca8a07bc6ebf1a4f4fe43504b02e18331f16
SHA512: cf7bb7d6c3fd121fadd91a625a11b740537a6fe6a994ac7b89dd310da5746c2b9f74314b6604e8b95fe8341c5ab4ee82d55533dddc518f71e7ae925b01b68410
Static task: static1
Behavioral task: behavioral1
Sample: MV IVY OCEAN.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: MV IVY OCEAN.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.startranslogistics.com
Port: 587
Username: skt@startranslogistics.com
Password: SIALKOT12345
Targets
Target: MV IVY OCEAN.exe
Size: 373KB
MD5: 2768319ce250022ca53507d643e5877d
SHA1: e7c5b2bd47594e8f280a5d52376b6411b20e70e4
SHA256: e75ce515d5af587aacf37ada6fb0108096cf10f50d2c8a45ef788af1bbae9533
SHA512: 2ae8b1f69414a02af2f32d48e210e539dc43c8b89d267dd4813dd08f6b1c9a73f740e965dced43100c89b9d5e4010d9b08d8bc9e826e64b8ad0a2a1292361b39
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext