General
-
Target
payment receipt.zip
-
Size
615KB
-
Sample
221129-qms6xsfc5z
-
MD5
42f697281443db23a08b82fdad84a19e
-
SHA1
9cb2688c1696b57843c79f236b62a665b67a9942
-
SHA256
7877c4bba8677a8d98fba31b8fb46526303863b520d35ab3cdcd3436d4bac2b3
-
SHA512
4dc5739c2bac8a8cecc55cd37b2cc8b6a4f69126e9e5af47980e2cf77eea4a3114691d89b803e07af397904987928f72b8caec686de78df3a29c4ad1ad5738ea
-
SSDEEP
12288:Y9N8GyU/fFNqK+1vhgbOYE9lSG+s/gL69LNoTZ9K3dI+RP:uZVNo6bOVSofxNO0G+RP
Static task
static1
Behavioral task
behavioral1
Sample
payment receipt.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
payment receipt.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp
-
Host: mail.sseximclearing.com
-
Port: 587
-
Username: saurav.roy@sseximclearing.com
-
Password: Ssxm@9854
-
Email To: maxitears7@gmail.com
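The extracted SMTP settings above are the sample's exfiltration channel: the stealer authenticates to the compromised mailbox on mail.sseximclearing.com:587 and mails the harvested data to the operator's drop address. The following is an added example, not part of the sandbox report, showing how a responder would turn that config into hunt criteria and run them over outbound SMTP transaction logs. The log lines are constructed for the example (a simple space-separated "timestamp source destination-host port MAIL-FROM RCPT-TO" format is assumed); the host, port, username and recipient values are copied from the extracted config.

```python
"""Turn an extracted AgentTesla SMTP config into IOCs and hunt for the
exfiltration pattern in outbound SMTP transaction logs (added example)."""
from dataclasses import dataclass

# Values copied from the sandbox's extracted config for this sample.
EXTRACTED_CONFIG = """\
Protocol: smtp
Host: mail.sseximclearing.com
Port: 587
Username: saurav.roy@sseximclearing.com
Password: Ssxm@9854
Email To: maxitears7@gmail.com
"""

# Constructed log lines (not real traffic). Assumed format per line:
# <timestamp> <source ip> <destination host> <port> <MAIL FROM> <RCPT TO>
SAMPLE_LOG = """\
2022-11-29T10:02:11Z 10.0.5.23 smtp.office365.com 587 alice@corp.example bob@partner.example
2022-11-29T10:03:45Z 10.0.5.41 mail.sseximclearing.com 587 saurav.roy@sseximclearing.com maxitears7@gmail.com
2022-11-29T10:04:02Z 10.0.5.41 mail.sseximclearing.com 587 saurav.roy@sseximclearing.com maxitears7@gmail.com
2022-11-29T10:05:30Z 10.0.5.17 smtp.office365.com 587 carol@corp.example dave@corp.example
2022-11-29T10:06:12Z 10.0.5.88 203.0.113.9 587 saurav.roy@sseximclearing.com maxitears7@gmail.com
"""


@dataclass(frozen=True)
class SmtpExfilConfig:
    """The network-observable parts of an AgentTesla SMTP config.
    The password is deliberately not carried: it is only useful for
    notifying the owner of the abused mailbox, not for detection."""
    host: str
    port: int
    username: str   # compromised account used as MAIL FROM
    recipient: str  # operator's drop mailbox used as RCPT TO


def parse_config(text: str) -> SmtpExfilConfig:
    """Parse 'Key: value' lines of an extracted config into IOCs."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("protocol", "").lower() != "smtp":
        raise ValueError("not an SMTP exfiltration config")
    return SmtpExfilConfig(
        host=fields["host"].lower(),
        port=int(fields["port"]),
        username=fields["username"].lower(),
        recipient=fields["email to"].lower(),
    )


def hunt(log_text: str, cfg: SmtpExfilConfig) -> list:
    """Flag log lines matching any of the three indicators. Sender and
    recipient are checked independently of the host so that a move of
    the mail server (here: the raw IP on the last line) is still caught."""
    hits = []
    for line in log_text.splitlines():
        ts, src, dst_host, dst_port, mail_from, rcpt_to = line.split()
        reasons = []
        if dst_host.lower() == cfg.host and int(dst_port) == cfg.port:
            reasons.append("c2 smtp server")
        if mail_from.lower() == cfg.username:
            reasons.append("compromised sender account")
        if rcpt_to.lower() == cfg.recipient:
            reasons.append("operator drop mailbox")
        if reasons:
            hits.append({"ts": ts, "src": src, "reasons": reasons})
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for hit in hunt(SAMPLE_LOG, cfg):
        print(hit["ts"], hit["src"], ", ".join(hit["reasons"]))
```

Any source IP that appears in the hits is a host to pull for triage; in most corporate networks a workstation opening a direct port 587 session to a third-party mail server is itself worth an alert, independent of these specific indicators. The abused account (saurav.roy@sseximclearing.com) belongs to a victim whose mailbox is being used as a relay and should be reported to its owner rather than blocked as an attacker.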
Targets
-
-
Target
payment receipt.exe
-
Size
777KB
-
MD5
933c54fec2b05a8dc386623a79f5fed6
-
SHA1
b70e1861d76cd1a37810fe91ec74cb1848011642
-
SHA256
f71c278f8f31eb5aafb97b9b8cc6c7f6b2aea97c80bca11ddeede2b7df8b1ee5
-
SHA512
c25cf1155283841af5b0d510f168837c74652251f969ec55663c2d6174e593cc4f198387be11be2cf187f43f2de2e2e76b09f69c5c063e1cf898280d3760d4de
-
SSDEEP
12288:oKdsGfZFr5cE8LHWt+zvhqbcIERlSCWs/OL6mMk/SEdRMA/LyzIPPPu6gt:5WvL/YbclSa5mt9/LkInst
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, written in Visual Basic; this sample exfiltrates stolen data over SMTP using the credentials in the extracted config.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing (avoiding execution in certain regions).
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext (an API commonly used in process hollowing and other code-injection techniques)
-