General
-
Target
revised original documents.exe
-
Size
1.1MB
-
Sample
221002-pql2cafae6
-
MD5
cc98bc7f6a37ab1e9ec3e3257e15c854
-
SHA1
bc7a13f6051b7ffb0d4f969ba24614f88cea0035
-
SHA256
c30e355a92bee2c46c8e7cb9dea3532e99579e68b3a147d566dd8929a99d5893
-
SHA512
dbed212a92f976384034deec7f8a773d90db42c33ef5e5751b35227a5abf1fe634c688f35bbe50931f2963a8e09cba7a81e07d825d862869c7d862d9b5d9f5bf
-
SSDEEP
24576:q1Uv6ZAkgpwBVTKQMj3WH0DBnrsFFjrX:qTZ0wru9rsFFP
Malware Config
Extracted
Protocol: smtp- Host:
mail.sseximclearing.com - Port:
587 - Username:
saurav.roy@sseximclearing.com - Password:
Ssxm@9854
Targets
-
-
Target
revised original documents.exe
-
Size
1.1MB
-
MD5
cc98bc7f6a37ab1e9ec3e3257e15c854
-
SHA1
bc7a13f6051b7ffb0d4f969ba24614f88cea0035
-
SHA256
c30e355a92bee2c46c8e7cb9dea3532e99579e68b3a147d566dd8929a99d5893
-
SHA512
dbed212a92f976384034deec7f8a773d90db42c33ef5e5751b35227a5abf1fe634c688f35bbe50931f2963a8e09cba7a81e07d825d862869c7d862d9b5d9f5bf
-
SSDEEP
24576:q1Uv6ZAkgpwBVTKQMj3WH0DBnrsFFjrX:qTZ0wru9rsFFP
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-