General
- Target: SecuriteInfo.com.Win32.RATX-gen.28286.5204.exe
- Size: 13KB
- Sample: 221207-npfx9scf78
- MD5: b0791d061d2592f94776d9afb827bb76
- SHA1: ea494133fd540c8b09450d5dd1afbdd5b9d615fd
- SHA256: af382724edcf48552b1c1f006dfba4633a0b2c685245e3b62af9e788777f5c7c
- SHA512: 93ccb40e510405b88c35a94961b9635f8c25c9ae778e19d9de830c75f18088ae68a0c6c9c517c676ae2f54b3942fdf0fae18dc6921b3c29d053cb515f417b7e3
- SSDEEP: 192:RrU+Ff+o0X3IozKYWF52+S8k08PTK2bB8S:LFF0X3IozKHTb8u2l8
Static task
- static1

Behavioral task
- behavioral1
  Sample: SecuriteInfo.com.Win32.RATX-gen.28286.5204.exe
  Resource: win7-20220901-en

Behavioral task
- behavioral2
  Sample: SecuriteInfo.com.Win32.RATX-gen.28286.5204.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted
- agenttesla
  https://api.telegram.org/bot5764062937:AAHmiesTr6Z7n5aCQmZlon17u47KFOBnTT8/
Targets
- Target: SecuriteInfo.com.Win32.RATX-gen.28286.5204.exe
- Size: 13KB
- MD5: b0791d061d2592f94776d9afb827bb76
- SHA1: ea494133fd540c8b09450d5dd1afbdd5b9d615fd
- SHA256: af382724edcf48552b1c1f006dfba4633a0b2c685245e3b62af9e788777f5c7c
- SHA512: 93ccb40e510405b88c35a94961b9635f8c25c9ae778e19d9de830c75f18088ae68a0c6c9c517c676ae2f54b3942fdf0fae18dc6921b3c29d053cb515f417b7e3
- SSDEEP: 192:RrU+Ff+o0X3IozKYWF52+S8k08PTK2bB8S:LFF0X3IozKHTb8u2l8
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application