General
Target: SecuriteInfo.com.Win32.RATX-gen.14246.10866
Size: 890KB
Sample: 231213-crpseagbe7
MD5: 31654c69d6ff281613694d10f14040f8
SHA1: d47e5c4b893480486932190052ce154ccdbe14ad
SHA256: 25ed66335a82f70ae9980bb3f4635398c537b294eeca7728d5994ce9b266ca12
SHA512: c200e50e7726af9ccc70f373bec985ded8855255549c378a93b172bda4c2f37e764cce08cf34d5245b985c7c94a26470e395f336094fecd497139c8fecdf37bc
SSDEEP: 12288:RwrPtrlHjVOhefWnE29FPcAqox/P8XHyf+Ivtln0POehoAp:RetrlHjMhd//Eq/0Xy2cn0Wehn
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.RATX-gen.14246.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.RATX-gen.14246.exe
  Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.precise.co.in
Port: 587
Username: [email protected]
Password: Singh@2022$
Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detect ZGRat V1
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of SetThreadContext