SOA.exe

Target

SOA.exe

Size

1MB

Sample

210122-nhhlzzlnsx

Score

10 ^/10

MD5

e5abb827d35873d229a1e77788fe322e

SHA1

f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4

SHA256

fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d

SHA512

f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b

Target

SOA.exe

MD5

e5abb827d35873d229a1e77788fe322e

Filesize

1MB

Score

10 ^/10

SHA1

f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4

SHA256

fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d

SHA512

f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b

Signatures

AgentTesla

Description

Agent Tesla is a remote access tool (RAT) written in visual basic.

Tags

keylogger trojan stealer spyware agenttesla
Drops file in Drivers directory
Adds Run key to start application

Tags

persistence

TTPs

Registry Run Keys / Startup Folder Modify Registry
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

behavioral1

agenttesla keylogger persistence spyware stealer trojan

10^/10

behavioral2

agenttesla keylogger persistence spyware stealer trojan

10^/10

Tags

Signatures

AgentTesla

Description

Tags

Drops file in Drivers directory

Adds Run key to start application

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2