General
Target: SOA.exe
Size: 889KB
Sample: 210507-89s5pvhvgs
MD5: 88bee4665c30b61ba3ce47a6f5f6235f
SHA1: dea1443a4f05d4d17b0b019f0093f1c602c4701e
SHA256: af48d211d5bd97dbf5142304c87250f50244cc4b6649af0cd5e7fcc2193d03ed
SHA512: a039afa9a6a11ecd4b571a05bb094721deed9d04870f7c99f0818fdbeecd5abb0f3c68c843471ce06dee1492e8bcb7ec22703ef44c4fdcc22823c80151bc49fd
Static task: static1
Behavioral task: behavioral1
  Sample: SOA.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: SOA.exe
  Resource: win10v20210410
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.vivaldi.net
Port: 587
Username: pagosbogaitrans@vivaldi.net
Password: Qwerty2020Hp##
Targets
Target: SOA.exe
Size: 889KB
MD5: 88bee4665c30b61ba3ce47a6f5f6235f
SHA1: dea1443a4f05d4d17b0b019f0093f1c602c4701e
SHA256: af48d211d5bd97dbf5142304c87250f50244cc4b6649af0cd5e7fcc2193d03ed
SHA512: a039afa9a6a11ecd4b571a05bb094721deed9d04870f7c99f0818fdbeecd5abb0f3c68c843471ce06dee1492e8bcb7ec22703ef44c4fdcc22823c80151bc49fd
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Adds Run key to start application
Suspicious use of SetThreadContext