General
- Target: SOA.exe
- Size: 569KB
- Sample: 210122-5vgdd8kfee
- MD5: 1367e39bbc813a591450821d14fcee00
- SHA1: 7b256a62cdf9fc4f9f9e01ba7bcd59c0be57f26b
- SHA256: 556ed5ff3846f0bd67b9dce457aa749c843a164f644accde3ed5b87851a34abe
- SHA512: 30e7e340156e0fe6f75919da9c6e3ea773e7343cbe09bc3be11b8b2f8b1f3272177d8a53a7ace571f8dfc084881d7e637ae6d244afce2f60e0791b3bcf3a7877
Static task
- static1

Behavioral task
- behavioral1 (Sample: SOA.exe, Resource: win7v20201028)

Behavioral task
- behavioral2 (Sample: SOA.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: paola.micheli@copangroup.xyz
- Password: gibson.1990
Targets
- Target: SOA.exe
- Size: 569KB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext