General
- Target: SecuriteInfo.com.Win32.RATX-gen.1832.24679
- Size: 811KB
- Sample: 231213-bpt4nsfeb9
- MD5: 7fb1638e865e58b80b1726a7f7be73f9
- SHA1: d1a0f23aa68c74558b2762d21cab404d7ca92217
- SHA256: 4ac078a48ff7d80ccbc37c526e395b51f900c8206afe29e27b2a84bd2cd84532
- SHA512: c6e24465c67beb6b849ce386065812915160d2cd6afca7a5a9d210a056c3ca6d559d2e7fa494c41da7a0c484b080748210d623b38ebd8b98226c3c511d96b672
- SSDEEP: 12288:Wd6tmebg0pGSMujFv+HUL1300mv6wjIq40+vSIRmx8x4+/LVmIK8:WAtmebgIRvsKJ00mnjIE+v10IZ
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Win32.RATX-gen.1832.exe
- Resource: win7-20231201-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Win32.RATX-gen.1832.exe
- Resource: win10v2004-20231130-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: [email protected]
- Password: NX@@OLDdollarDV8FW7
- Email To: [email protected]
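The extracted SMTP configuration above is what a responder actually hunts with: the operator's mail host and port, the account the stealer logs in as, and the mailbox the loot goes to. As an added example (not part of the sandbox report and not Agent Tesla's own code), the Python below parses the report's flattened "Key: value - Key: value" rendering into fields, derives indicators, computes the SMTP AUTH PLAIN token for the operator account, and runs the indicators over a few constructed egress log lines. The log format, the source addresses in those lines, and the high/medium severity split in `match_egress` are assumptions; the two mailbox addresses are kept exactly as the page shows them, which is redacted to `[email protected]`.

```python
"""Added example, not code from the sandbox report or from Agent Tesla:
turn the extracted SMTP exfiltration config into indicators and run
them over a few constructed egress-log lines."""
import base64
import re
from dataclasses import dataclass

# The config exactly as the report renders it, line breaks included.
# Both mailbox addresses are redacted to "[email protected]" on the page.
RAW_CONFIG = """Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
NX@@OLDdollarDV8FW7 - Email To:
[email protected]"""

KNOWN_KEYS = ("Protocol", "Host", "Port", "Username", "Password", "Email To")


def parse_config(blob: str) -> dict:
    """Parse the ' - '-joined 'Key: value' rendering into a dict.

    Values are cut at the next *known* key name rather than at every
    ' - ' or ': ', so a password that merely contains '-', ':' or '@'
    (this one has '@@') survives intact.
    """
    text = " ".join(blob.split())  # fold the page's line breaks
    key_re = re.compile(
        r"(?:^|\s*-\s+)(" + "|".join(map(re.escape, KNOWN_KEYS)) + r"):\s*"
    )
    hits = list(key_re.finditer(text))
    cfg = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        cfg[m.group(1)] = text[m.end():end].strip()
    cfg["Port"] = int(cfg["Port"])
    return cfg


@dataclass(frozen=True)
class ExfilIndicators:
    host: str
    port: int
    username: str
    recipient: str


def indicators(cfg: dict) -> ExfilIndicators:
    return ExfilIndicators(cfg["Host"], cfg["Port"], cfg["Username"], cfg["Email To"])


def auth_plain_token(username: str, password: str) -> str:
    """SMTP AUTH PLAIN credential blob (RFC 4616: NUL user NUL pass, base64).

    Useful for hunting the operator account in mail-server logs or
    plaintext captures; it is invisible once the session is inside
    STARTTLS, so treat a miss as inconclusive.
    """
    return base64.b64encode(f"\0{username}\0{password}".encode()).decode()


# Constructed egress log lines (key=value style); not from the report.
LOG_LINES = [
    "2023-12-13T01:42:10Z src=10.0.5.17 dst=us2.smtp.mailhostbox.com dport=587 proto=tcp",
    "2023-12-13T01:42:11Z src=10.0.5.17 dst=outlook.office365.com dport=443 proto=tcp",
    "2023-12-13T01:43:02Z src=10.0.5.40 dst=us2.smtp.mailhostbox.com dport=465 proto=tcp",
    "2023-12-13T01:45:30Z src=10.0.5.22 dst=smtp.example.net dport=587 proto=tcp",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def match_egress(lines, ind: ExfilIndicators):
    """Return (severity, line) for lines whose destination is the exfil host.

    Host+port is 'high'. The host on another port is 'medium': the C2 is a
    shared mail-hosting server, so other customers' clients may reach it
    legitimately, and the exact port from the config is the stronger signal.
    """
    findings = []
    for line in lines:
        kv = dict(KV_RE.findall(line))
        if kv.get("dst", "").lower() != ind.host.lower():
            continue
        sev = "high" if kv.get("dport") == str(ind.port) else "medium"
        findings.append((sev, line))
    return findings


if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    ind = indicators(cfg)
    print("indicators:", ind)
    print("AUTH PLAIN token to hunt for:", auth_plain_token(cfg["Username"], cfg["Password"]))
    for sev, line in match_egress(LOG_LINES, ind):
        print(f"[{sev}] {line}")
```

Two of the constructed lines hit the host; only the one on port 587 is rated high. The parser is anchored on the known key names on purpose: splitting naively on " - " or ": " is fragile against passwords, and Agent Tesla operator passwords regularly contain both characters.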
Targets
- Target: SecuriteInfo.com.Win32.RATX-gen.1832.24679
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; it harvests credentials and keystrokes and exfiltrates them, in this sample over SMTP (see the extracted config above).
- Detect ZGRat V1
- Accesses Microsoft Outlook profiles (the profile registry keys hold stored mail-account settings and credentials, a standard harvest target for this family)
- Suspicious use of SetThreadContext (commonly the process-hollowing / RunPE step: the loader writes a payload into a suspended process and repoints its main thread at it before resuming)