General
- Target: revised original documents.zip
- Size: 831KB
- Sample: 221002-pql2cafae5
- MD5: 99992ca6681872fa3ae9ea82a006d50e
- SHA1: 11ffd10747a7d1b4ff88b16b2694a0a6c89664f6
- SHA256: c22c6f9d19638ea1551aacfbcaff86e9b6426eb38eed5826c6b6c11053081c56
- SHA512: e3211c30671f58a3301a2d811e30ac15244b55bae85e8d5291d80b00fac3aaff0de17482e0c4dc408054dd2a6aa47a6d8b236e8638213f059267854afda9a582
- SSDEEP: 24576:tuKePaHyKnyZAGgDUB/TaQ4d3+H0ZnnxHUFN+y:wksZeU5Ahx0iy
Static task: static1
Behavioral task: behavioral1
- Sample: revised original documents.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: revised original documents.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.sseximclearing.com
- Port: 587
- Username: saurav.roy@sseximclearing.com
- Password: Ssxm@9854
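The extracted config is the sample's exfiltration channel: it authenticates to the attacker's mailbox over SMTP submission (port 587) and mails stolen data to itself. The following is an added example, not sandbox output or Agent Tesla code: a small parser that walks an SMTP session transcript and recovers the host, authentication method, credentials, envelope addresses and subject, which is what you would pull from a capture during incident response. The transcript is constructed using the values from the config above; the `C:`/`S:` line prefixes are an assumed capture format, and the session assumes no STARTTLS was negotiated (or that it has already been TLS-decrypted). On port 587 a real capture normally goes opaque right after STARTTLS, which is why the credentials in this report came from the sample's config rather than from the network.

```python
"""Recover the SMTP exfiltration channel from a captured (or TLS-decrypted) session."""
import base64
import re

# Constructed transcript (not sandbox output) of an Agent Tesla style SMTP exfil
# session carrying the credentials from the extracted config. The 'C:'/'S:'
# prefixes for client and server lines are an assumed capture format.
SAMPLE_SESSION = """\
S: 220 mail.sseximclearing.com ESMTP ready
C: EHLO DESKTOP-VICTIM
S: 250-mail.sseximclearing.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: c2F1cmF2LnJveUBzc2V4aW1jbGVhcmluZy5jb20=
S: 334 UGFzc3dvcmQ6
C: U3N4bUA5ODU0
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<saurav.roy@sseximclearing.com>
S: 250 OK
C: RCPT TO:<saurav.roy@sseximclearing.com>
S: 250 OK
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: Subject: PW_victim/DESKTOP-VICTIM
C: .
S: 250 OK queued
C: QUIT
"""

# Constructed AUTH PLAIN variant with an initial response (base64 of "\0bob\0hunter2").
SAMPLE_SESSION_PLAIN = """\
S: 220 smtp.example.test ESMTP
C: AUTH PLAIN AGJvYgBodW50ZXIy
S: 235 OK
"""


def _b64(text):
    """Decode a base64 SMTP token; fall back to the raw text if it is not base64."""
    try:
        return base64.b64decode(text.strip()).decode("utf-8", errors="replace")
    except ValueError:
        return text


def _addr(text):
    """Pull the address out of MAIL FROM:<...> / RCPT TO:<...>."""
    m = re.search(r"<([^>]*)>", text)
    return m.group(1) if m else text.split(":", 1)[1].strip()


def _apply_plain(info, blob):
    """RFC 4616 AUTH PLAIN payload: authzid NUL authcid NUL password."""
    parts = _b64(blob).split("\0")
    if len(parts) == 3:
        info["username"], info["password"] = parts[1], parts[2]


def parse_smtp_session(transcript):
    """Collect host, auth method, credentials, sender, recipients and subject."""
    info = {"host": None, "auth": None, "username": None, "password": None,
            "starttls": False, "mail_from": None, "rcpt_to": [], "subject": None}
    pending = None  # what the next client line answers: "username", "password" or "plain"
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "S":
            if text.startswith("220 "):
                info["host"] = text.split()[1]
            elif text.startswith("334"):
                # AUTH LOGIN prompts are base64 "Username:" / "Password:"; a bare 334 means PLAIN
                prompt = _b64(text[3:]).lower()
                pending = "username" if "user" in prompt else "password" if "pass" in prompt else "plain"
            continue
        if side != "C":
            continue
        upper = text.upper()
        if pending == "username":
            info["username"], pending = _b64(text), None
        elif pending == "password":
            info["password"], pending = _b64(text), None
        elif pending == "plain":
            _apply_plain(info, text)
            pending = None
        elif upper == "STARTTLS":
            info["starttls"] = True  # everything after this point is encrypted on the wire
        elif upper.startswith("AUTH LOGIN"):
            info["auth"] = "LOGIN"
        elif upper.startswith("AUTH PLAIN"):
            info["auth"] = "PLAIN"
            parts = text.split(None, 2)
            if len(parts) == 3:
                _apply_plain(info, parts[2])  # initial response form
            else:
                pending = "plain"
        elif upper.startswith("MAIL FROM:"):
            info["mail_from"] = _addr(text)
        elif upper.startswith("RCPT TO:"):
            info["rcpt_to"].append(_addr(text))
        elif upper.startswith("SUBJECT:"):
            info["subject"] = text.split(":", 1)[1].strip()
    return info


if __name__ == "__main__":
    for key, value in parse_smtp_session(SAMPLE_SESSION).items():
        print(f"{key:>9}: {value}")
```

The `starttls` flag is the check that matters when you run this over a real capture: if it is set, nothing after the `STARTTLS` line is recoverable without the session keys, and the mail host plus the 587 connection are the only network indicators you get.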
Targets
- Target: revised original documents.exe
- Size: 1.1MB
- MD5: cc98bc7f6a37ab1e9ec3e3257e15c854
- SHA1: bc7a13f6051b7ffb0d4f969ba24614f88cea0035
- SHA256: c30e355a92bee2c46c8e7cb9dea3532e99579e68b3a147d566dd8929a99d5893
- SHA512: dbed212a92f976384034deec7f8a773d90db42c33ef5e5751b35227a5abf1fe634c688f35bbe50931f2963a8e09cba7a81e07d825d862869c7d862d9b5d9f5bf
- SSDEEP: 24576:q1Uv6ZAkgpwBVTKQMj3WH0DBnrsFFjrX:qTZ0wru9rsFFP
- AgentTesla: Agent Tesla is a .NET-based information stealer and remote access tool (RAT). The SMTP configuration extracted above is its exfiltration channel.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles: consistent with harvesting stored mail-client credentials.
- Suspicious use of SetThreadContext: setting the thread context of another process is a hint rather than a verdict; when it follows a child process created suspended and a WriteProcessMemory into that child, it is the classic process-hollowing pattern.
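SetThreadContext on its own is used by debuggers and some legitimate loaders, so a triage signature like the one above is best confirmed by looking at the surrounding API sequence. The following added example (not from the sandbox or its signature engine) runs that check over an API-call trace: it flags a (parent, child) pair only when the child was created with CREATE_SUSPENDED and the parent then performed WriteProcessMemory, SetThreadContext and ResumeThread on it, in that order. The trace lines and their `key=value` format are constructed for this example; the sandbox report does not show the sample's own call sequence. CREATE_SUSPENDED = 0x00000004 is the real Win32 dwCreationFlags value.

```python
"""Flag the process-hollowing API sequence in an API-call trace (added example)."""

CREATE_SUSPENDED = 0x00000004  # Win32 dwCreationFlags bit

# Steps that must appear in this order for a (parent, child) pair to be flagged.
REQUIRED = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]
# Steps that commonly appear in between but are not required: some variants
# overwrite the original image in place instead of unmapping and reallocating.
OPTIONAL = {"NtUnmapViewOfSection", "VirtualAllocEx", "NtCreateSection", "NtMapViewOfSection"}

# Constructed trace in an assumed format: sequence number, then key=value fields.
# pid 1000 hollows pid 2000; pid 3000 touches a running child's thread context
# (debugger-like); pid 5000 starts a child suspended and simply resumes it.
SAMPLE_TRACE = """\
1 pid=1000 api=CreateProcessW target=2000 flags=0x00000004
2 pid=1000 api=NtUnmapViewOfSection target=2000
3 pid=1000 api=VirtualAllocEx target=2000
4 pid=1000 api=WriteProcessMemory target=2000
5 pid=1000 api=SetThreadContext target=2000
6 pid=1000 api=ResumeThread target=2000
7 pid=3000 api=CreateProcessW target=4000 flags=0x00000000
8 pid=3000 api=SetThreadContext target=4000
9 pid=5000 api=CreateProcessW target=6000 flags=0x00000004
10 pid=5000 api=ResumeThread target=6000
"""


def parse_trace(text):
    """Turn the trace into a list of dicts, one per API call."""
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        seq, *fields = line.split()
        rec = {"seq": int(seq)}
        for field in fields:
            key, _, value = field.partition("=")
            rec[key] = value
        calls.append(rec)
    return calls


def find_hollowing(text):
    """Return one finding per (parent, child) pair that completes the hollowing chain."""
    findings = []
    chains = {}  # (parent pid, child pid) -> {"next": index into REQUIRED, "seen": [...]}
    for call in parse_trace(text):
        key = (call.get("pid"), call.get("target"))
        api = call.get("api")
        if api == "CreateProcessW":
            suspended = int(call.get("flags", "0"), 16) & CREATE_SUSPENDED
            if suspended:
                chains[key] = {"next": 1, "seen": [api]}
            else:
                chains.pop(key, None)  # child is already running; not a hollowing setup
            continue
        state = chains.get(key)
        if state is None:
            continue
        if api in OPTIONAL:
            state["seen"].append(api)
        elif api == REQUIRED[state["next"]]:
            state["seen"].append(api)
            state["next"] += 1
            if state["next"] == len(REQUIRED):
                findings.append({"parent": key[0], "child": key[1], "calls": state["seen"]})
                del chains[key]
        elif api == "ResumeThread":
            del chains[key]  # resumed before any image rewrite: a benign suspended start
    return findings


if __name__ == "__main__":
    for finding in find_hollowing(SAMPLE_TRACE):
        print(f"hollowing: parent {finding['parent']} -> child {finding['child']}: "
              + " -> ".join(finding["calls"]))
```

The ordering requirement is what keeps the false-positive rate down: a debugger that calls SetThreadContext on a running process (pid 3000 above) and a launcher that creates a child suspended and resumes it untouched (pid 5000) both fall through, while the write-then-redirect-then-resume chain from pid 1000 is reported with every call that contributed to it.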