General
- Target: REQ-101.rar
- Size: 588KB
- Sample: 240619-s45mdssgpe
- MD5: b798cd8c8b2b7d3aa8d26c20699507a4
- SHA1: c800bf6c50face4303e79bc05f1b1540d22ec8cf
- SHA256: e5f1fc1f7264e52ed9bf5e883704f706d310f061deef1f8992e60fee2abf48e3
- SHA512: c9a827a54820ea9ce997255e18b04bd28240ff7e9fbc9120f9273a6b327c40cd12ee9b4d4db44b6174cfb9f6328a641cf2bdb4f2632d1ff16d92f8c8500ac386
- SSDEEP: 12288:GwK8edctZNpH7DDwXxQ7ursuRc3UBY8fKdNIVTiq9A81uSSKAMa:GwedctZL0xQ7urpR1LHVhA832
Static task: static1
Behavioral task: behavioral1
- Sample: REQ-101.exe
- Resource: win7-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rrcindia.co.in
- Port: 587
- Username: [email protected]
- Password: Goyal@0783
- Email To: [email protected]
Targets
- Target: REQ-101.exe
- Size: 619KB
- MD5: 54717bd17e89c3a6f5a50dcf44eac950
- SHA1: f501915427a67f49e84610bcda2815e1878f42c3
- SHA256: 16543a3c488ed91a0a0a6c0ae664808f054a6675924826eb2b0174e007fdd1bb
- SHA512: b76f2c391b418f238b3c5ab95e91131b4dc483fbad626f53e70e355e9f7d72a3b299d325b3d7930defcede4875307a705d70cc91d6d67ade5aea04a10ce7ec11
- SSDEEP: 12288:awiwSEb5Oy9jciqU09DZOi4WUi51EUJIkzsfu2WRP89RFkj7D:7jwajp09DZjUiTnIssfuxGb2
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext