SOA.exe

General

Target: SOA.exe
Size: 1MB
Sample: 210122-nhhlzzlnsx
Score: 10/10
MD5: e5abb827d35873d229a1e77788fe322e
SHA1: f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4
SHA256: fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d
SHA512: f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • Drops file in Drivers directory

  • Adds Run key to start application

    TTPs: Registry Run Keys / Startup Folder; Modify Registry

  • Suspicious use of SetThreadContext
