General
Target: TAX INVOICE.zip
Size: 545KB
Sample: 221002-l3cfwsbghq
MD5: a1452eec9a3548bd6fe2c943247e94e7
SHA1: a4f1d4560f599dbf5409b2acc3df5a3c290a41db
SHA256: 193559a2c09a05ffd2f19e18d5a0e08e6d9c6d2e1c585cdf15d0d6850611c0ef
SHA512: 968c6df8dd90131f4cfa09b937183dcb4ea451d9d6f010844a6cdc0da3f90a3e4e5075be2b636b4d790c510d552c9b0c206696430cff9f25b8b442f3dcba3f19
SSDEEP: 12288:dSw3/o0WsGaM6OmRauk8v2QOZjHy9C1WWF3BdRjNqjsh:dSwPo05LOyaf4cB19FRXjIju
Static task: static1
Behavioral task: behavioral1
Sample: TAX INVOICE.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: TAX INVOICE.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: mail.sseximclearing.com
Port: 587
Username: saurav.roy@sseximclearing.com
Password: Ssxm@9854
Targets
Target: TAX INVOICE.exe
Size: 825KB
MD5: 0876df0e375669e575c6aad9501d1813
SHA1: 2c8200581fac3bc4a1c8b2f0793439a7a541a684
SHA256: 1730f4ebe3686612308735dcca4459a47a400de62bdd4d207881b03b95d9778f
SHA512: e43388b4986617c7dc431bf0883a1a4b1f8e050ecf5a371114eb888c9e32d6a742645c58566a06abfb6f727adcb303275b7c9de1748d13502ea53eddb1df215d
SSDEEP: 12288:0EpBExj02iNtmDauk8v2aOZPHyHC1WWFjBdwGADqjJ5n:j+01/qaf4YZ19FtZjr
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext