General
Target: 8459682776.zip
Size: 616KB
Sample: 221129-xh3ccsac7y
MD5: da01a64b7de4f0665d789dd0d0af5d6b
SHA1: 5187ccb80ad28bac8ebc579eb6af70a67dd74f24
SHA256: 315984aabc5da8205e3bad254f58a57c3131df81438d6462edb8cde5b096105e
SHA512: 24b68d399bcf25dfbe9f05d7c9c7c46adc0e20427d1b1505e099fd722d1ca234097a255ee01d03007b76e16c05143811d85a74f99c3027afb98583c283630ef3
SSDEEP: 12288:iFwA3ff3XPoGeAUYYRZozlN4Feqi9jO9bEQyr9czYiaG:iiGfnPJWRZ2qujibRyruzl
Static task: static1

Behavioral task: behavioral1
  Sample: f71c278f8f31eb5aafb97b9b8cc6c7f6b2aea97c80bca11ddeede2b7df8b1ee5.exe
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: f71c278f8f31eb5aafb97b9b8cc6c7f6b2aea97c80bca11ddeede2b7df8b1ee5.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.sseximclearing.com
Port: 587
Username: saurav.roy@sseximclearing.com
Password: Ssxm@9854
Email To: maxitears7@gmail.com
Targets
Target: f71c278f8f31eb5aafb97b9b8cc6c7f6b2aea97c80bca11ddeede2b7df8b1ee5
Size: 777KB
MD5: 933c54fec2b05a8dc386623a79f5fed6
SHA1: b70e1861d76cd1a37810fe91ec74cb1848011642
SHA256: f71c278f8f31eb5aafb97b9b8cc6c7f6b2aea97c80bca11ddeede2b7df8b1ee5
SHA512: c25cf1155283841af5b0d510f168837c74652251f969ec55663c2d6174e593cc4f198387be11be2cf187f43f2de2e2e76b09f69c5c063e1cf898280d3760d4de
SSDEEP: 12288:oKdsGfZFr5cE8LHWt+zvhqbcIERlSCWs/OL6mMk/SEdRMA/LyzIPPPu6gt:5WvL/YbclSa5mt9/LkInst
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext