General
Target: revised original documents.exe
Size: 1.1MB
Sample: 221002-pql2cafae6
MD5: cc98bc7f6a37ab1e9ec3e3257e15c854
SHA1: bc7a13f6051b7ffb0d4f969ba24614f88cea0035
SHA256: c30e355a92bee2c46c8e7cb9dea3532e99579e68b3a147d566dd8929a99d5893
SHA512: dbed212a92f976384034deec7f8a773d90db42c33ef5e5751b35227a5abf1fe634c688f35bbe50931f2963a8e09cba7a81e07d825d862869c7d862d9b5d9f5bf
SSDEEP: 24576:q1Uv6ZAkgpwBVTKQMj3WH0DBnrsFFjrX:qTZ0wru9rsFFP
Static task: static1
Behavioral task: behavioral1 (Sample: revised original documents.exe; Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: revised original documents.exe; Resource: win10v2004-20220901-en)
Malware Config
Extracted
Protocol: smtp
Host: mail.sseximclearing.com
Port: 587
Username: saurav.roy@sseximclearing.com
Password: Ssxm@9854
Targets
Target: revised original documents.exe
Size: 1.1MB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext