General
- Target: REQ-102.rar
- Size: 588KB
- Sample: 240619-s49lcaxenr
- MD5: bac7dcfc4f1a2ab011cf5e7bb7f25d47
- SHA1: 113b9ebf38182ab007d71638ac283f0419cd15c3
- SHA256: dd82066c688d81cd40cd1e83b7c174a0f1f78fc27d7f20d0d8ee5c27899bc30d
- SHA512: a3d5f8bb32de6a3dc42f5611735d5b1f52f86598db6f170201a4c17ab6c2af7d99c72709bcd250e6534411bbe0736541c5cfdf94953c86e026e96595351ecdbc
- SSDEEP: 12288:gwK8edctZNpH7DDwXxQ7ursuRc3UBY8fKdNIVTiq9A81uSSKAMc:gwedctZL0xQ7urpR1LHVhA83I

Static task: static1

Behavioral task: behavioral1
- Sample: REQ-102.exe
- Resource: win7-20240221-en

Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.rrcindia.co.in
- Port: 587
- Username: [email protected]
- Password: Goyal@0783
- Email To: [email protected]

Targets
- Target: REQ-102.exe
- Size: 619KB
- MD5: 54717bd17e89c3a6f5a50dcf44eac950
- SHA1: f501915427a67f49e84610bcda2815e1878f42c3
- SHA256: 16543a3c488ed91a0a0a6c0ae664808f054a6675924826eb2b0174e007fdd1bb
- SHA512: b76f2c391b418f238b3c5ab95e91131b4dc483fbad626f53e70e355e9f7d72a3b299d325b3d7930defcede4875307a705d70cc91d6d67ade5aea04a10ce7ec11
- SSDEEP: 12288:awiwSEb5Oy9jciqU09DZOi4WUi51EUJIkzsfu2WRP89RFkj7D:7jwajp09DZjUiTnIssfuxGb2

- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence check.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext