General
-
Target
SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
-
Size
671KB
-
Sample
240429-fypmrsbg7y
-
MD5
fd9af8f629d0d2e3e8cc132cdff97497
-
SHA1
1552f3db433eb345809069d011f2fb9684032738
-
SHA256
5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf
-
SHA512
227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e
-
SSDEEP
12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.vw-rmplcars.co.in - Port:
587 - Username:
[email protected] - Password:
Gagan#456 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.RATX-gen.18898.23590.exe
-
Size
671KB
-
MD5
fd9af8f629d0d2e3e8cc132cdff97497
-
SHA1
1552f3db433eb345809069d011f2fb9684032738
-
SHA256
5d2b78785f719fda04cda095b4dfb75d00440fc39ab6e52d176a74786541bdaf
-
SHA512
227da1c0f9e83d3b0e757f269b32d617aec47990c5eb6f6787b6036951bab11f5f51051b1c56478fedc1bb8ae04de8404db5d67c437d4c5f20faa1645a77598e
-
SSDEEP
12288:y5B778QHjEpFzOiLqWEtkHyog+rUVHwP3yu1c2b2PIfQzk3bjzgtVlHxPpoTFqph:6BBiFz7LAkHDUVQPCu132csk3zybR+TS
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-