General
Target: SecuriteInfo.com.Win32.RATX-gen.17380.26116.exe
Size: 916KB
Sample: 221208-nsawescg8x
MD5: 15e12b5617dfb66d983963368dd80fc2
SHA1: dc6aeb6d475168ca144b739eea005de0d4ff905d
SHA256: 24db2e7ba38ff5dc81c50e2b03c174de23cad2b480bb82a989b00f12767e19a0
SHA512: 8cb6a582ea70566f15f48186bab7b02ce23797c7f97f26ad520f908aecd076eb51f5c86eee2cafb93c2bb1b00f17fa6989877271a03e9fd88c5e5aea337161a5
SSDEEP: 12288:d2PFilGPtdUASF1cpeVBe9Brd52WBKG1dzBomLtx0M3UyapY+ZmBjHUk+q7K3o3n:U9iUl9SF659BrdUtgdmssmihZmBHM
Static task: static1
Behavioral task: behavioral1 (Sample: SecuriteInfo.com.Win32.RATX-gen.17380.26116.exe; Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: SecuriteInfo.com.Win32.RATX-gen.17380.26116.exe; Resource: win10v2004-20221111-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.togotaxgovernance.com
Port: 587
Username: data@togotaxgovernance.com
Password: bScS(yyM7
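The extracted SMTP configuration is the actionable part of this report: it names the host, port and mailbox the stealer sends its harvested data to. The Python script below is an added example for this page, not part of the Triage report or of any AgentTesla or Triage tooling. It parses the "Extracted" block in the flattened form it has on this page, derives blockable network indicators from it (deliberately leaving the mailbox password out), emits a Suricata DNS rule for the exfil host, and checks a file's MD5/SHA1/SHA256/SHA512 against the digests listed above. The sample bytes (CONSTRUCTED_SAMPLE) and the Suricata sid 9000001 are constructed placeholders, not the real 916KB binary and not a reserved rule id.

```python
"""Derive IOCs from the AgentTesla config extracted above and verify a file's hashes.

Added example for this report page; not part of Triage or AgentTesla tooling.
"""
import hashlib
import re

# The "Extracted" block exactly as it is flattened on this page (constructed copy).
REPORT_CONFIG = """Protocol: smtp- Host:
smtp.togotaxgovernance.com - Port:
587 - Username:
data@togotaxgovernance.com - Password:
bScS(yyM7"""

# Digests of the sample as listed in the report.
REPORT_HASHES = {
    "md5": "15e12b5617dfb66d983963368dd80fc2",
    "sha1": "dc6aeb6d475168ca144b739eea005de0d4ff905d",
    "sha256": "24db2e7ba38ff5dc81c50e2b03c174de23cad2b480bb82a989b00f12767e19a0",
    "sha512": "8cb6a582ea70566f15f48186bab7b02ce23797c7f97f26ad520f908aecd076eb"
              "51f5c86eee2cafb93c2bb1b00f17fa6989877271a03e9fd88c5e5aea337161a5",
}

# Placeholder standing in for the real 916KB binary (constructed; not the sample).
CONSTRUCTED_SAMPLE = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the sample"


def parse_extracted_config(text: str) -> dict:
    """Parse the flattened 'Key: value - Key: value' block into a dict.

    The page extractor joined the fields with ' - ' and wrapped lines in the
    middle of fields, so re-join everything first, then split just before each
    capitalised 'Key:' that follows a dash. The first dash on this page lost its
    leading space ('smtp- Host:'), hence the optional whitespace before '-'.
    """
    flat = " ".join(line.strip() for line in text.splitlines())
    fields = re.split(r"\s*-\s+(?=[A-Z][a-z]+:)", flat)
    config = {}
    for field in fields:
        key, sep, value = field.partition(":")
        if sep:
            config[key.strip().lower()] = value.strip()
    if config.get("port", "").isdigit():
        config["port"] = int(config["port"])
    return config


def network_iocs(config: dict) -> dict:
    """Turn the exfil config into indicators a defender can block or hunt for.

    The mailbox password is deliberately omitted: it is the attacker's
    credential and belongs in the report, not on a blocklist. The Suricata
    rule matches the DNS lookup of the exfil host, because an SMTP session on
    587 is normally upgraded with STARTTLS and the MAIL FROM / AUTH data are
    then encrypted. sid 9000001 is an assumed local placeholder.
    """
    host = config["host"]
    return {
        "dns": host,
        "tcp": f"{host}:{config['port']}",
        "smtp_auth_user": config["username"],
        "suricata": (
            f'alert dns $HOME_NET any -> any any (msg:"AgentTesla exfil host lookup {host}"; '
            f'dns.query; content:"{host}"; nocase; '
            'classtype:trojan-activity; sid:9000001; rev:1;)'
        ),
    }


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of `data`, keyed like REPORT_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def hash_mismatches(data: bytes, expected: dict) -> list:
    """Algorithms for which the digest of `data` differs from `expected`.

    An empty list means every listed digest matched, i.e. `data` is the
    reported sample byte for byte. ssdeep is not checked here: it needs a
    third-party library and is a similarity measure, not an identity check.
    """
    got = file_hashes(data)
    return sorted(alg for alg, digest in expected.items()
                  if got.get(alg) != digest.lower())


if __name__ == "__main__":
    cfg = parse_extracted_config(REPORT_CONFIG)
    for key, value in network_iocs(cfg).items():
        print(f"{key}: {value}")
    print("mismatching digests for stand-in bytes:",
          hash_mismatches(CONSTRUCTED_SAMPLE, REPORT_HASHES))
```

Run it against a real file by replacing CONSTRUCTED_SAMPLE with the file's bytes; an empty mismatch list confirms you hold exactly the sample analysed here. Because the stealer most likely wraps port 587 in STARTTLS, hunt for the DNS lookup (or the TLS SNI) of smtp.togotaxgovernance.com rather than for cleartext SMTP commands, and treat the username as a mail-log indicator for any outbound relay you control.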
Targets
Target: SecuriteInfo.com.Win32.RATX-gen.17380.26116.exe
Size: 916KB
SHA256: 24db2e7ba38ff5dc81c50e2b03c174de23cad2b480bb82a989b00f12767e19a0 (MD5, SHA1, SHA512 and SSDEEP are identical to those listed under General)
AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET; the extracted SMTP configuration above is its exfiltration channel.
Checks computer location settings: looks up the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), most likely a geofence check to avoid running in certain countries.
Accesses Microsoft Outlook profiles: reads the stored Outlook account settings, a common credential-theft target for this family.
Suspicious use of SetThreadContext: consistent with process hollowing or other code injection into a freshly created process.