SOA.exe

General

Target: SOA.exe
Size: 569KB
Sample: 210122-5vgdd8kfee
Score: 10/10
MD5: 1367e39bbc813a591450821d14fcee00
SHA1: 7b256a62cdf9fc4f9f9e01ba7bcd59c0be57f26b
SHA256: 556ed5ff3846f0bd67b9dce457aa749c843a164f644accde3ed5b87851a34abe
SHA512: 30e7e340156e0fe6f75919da9c6e3ea773e7343cbe09bc3be11b8b2f8b1f3272177d8a53a7ace571f8dfc084881d7e637ae6d244afce2f60e0791b3bcf3a7877

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Drops file in Drivers directory

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext
