General

  • Target: SOA COPY.zip
  • Size: 539KB
  • Sample: 210420-s6n8rd913j
  • MD5: c36ad7f2af4301e441cc4a3145a83708
  • SHA1: f53064308daaf5012ae26da7a2f18de34b4f23fe
  • SHA256: 269c4d49f4199df590c3de0143d04944e646060c891e2e075c95d13e4c5699d7
  • SHA512: 1f3ef61db7b072ccd64d89b7e1f63150f49b9377add902ff44c1c2065f840753ea48a41459f67188a42da4ff3fbf6fd2f4cbef28ab97e561ed2c971bbc095551

Malware Config

Extracted

  • Family: agenttesla

Credentials

  • Protocol: smtp
  • Host: a2plcpnl0347.prod.iad2.secureserver.net
  • Port: 587
  • Username: [email protected]
  • Password: Admin_123

Targets

  • Target: SOA COPY.exe
  • Size: 611KB
  • MD5: 5b06b2e2ac7a46b0a010e22b8b757842
  • SHA1: 32ca16c02b65b3c926afdda78cb01f760f07cb88
  • SHA256: e8834d8376e9d83c926bd5ccbaf4af8bf76ad6d49fb4245a69253e5052293e07
  • SHA512: 50ba996ab550bf3697d3bb942097fff13f46a2e218758231b918181114df0fb99e938a62ea07cb2a0a0d4a733bd0a8e18122182afb7cc8026809043a57cfd495

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), count 1
  • Defense Evasion: Modify Registry (T1112), count 1

Tasks