General
- Target: SOA.exe
- Size: 524KB
- Sample: 201109-6nl7xh4nh6
- MD5: 5c35980b02c0b8d7215bed3cce049a0c
- SHA1: 91c0cf0dc6099389d3c9994b9090796b6b1837b2
- SHA256: e6eb2ae2e4e6d4ee40266c80f99169f284c67a901c7fff826d4156663910180d
- SHA512: 61d12686a47afbd27754f06b245b091e38ee4cd5fc44f1842ce575268b735e06eccfbc107a956df25219836cd5fdff883fbca82c8ee952abdaacef99574d3154
Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v20201028
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dianaglobalmandiri.com
- Port: 587
- Username: info@dianaglobalmandiri.com
- Password: Batam2019
Targets
- Target: SOA.exe
- Size: 524KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- CoreEntity .NET Packer: A .NET packer called CoreEntity that embeds the payload as a Bitmap object which is later decrypted.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Suspicious use of SetThreadContext