RE Outstanding SOA Settled.exe

General
Target

RE Outstanding SOA Settled.exe

Size

1MB

Sample

210727-haye5pkjn2

Score
10/10
MD5

6b0ab04930cae57ff38824d56966fa8d

SHA1

692d265b64797b571af7fa3ed56b8d3b0ac783b0

SHA256

2cfb7adb214ef9393727628ebe22af87ad00d3bdfc19655be69b6f3617b9b539

SHA512

929dc549764139fe28458e78494e1a71cc0183297b2212841c46a42a57858e2b6737aed33a407464b7a0fbdff2f38b5778770ff8ed7168d9a14d2063538e09a7

Malware Config

Extracted

Family: agenttesla
Credentials

Protocol: smtp

Host: smtp.vivaldi.net

Port: 587

Username: preshstan@vivaldi.net

Password: chidiebere123

Targets
Target

RE Outstanding SOA Settled.exe

Signatures

  • AgentTesla

    Description

    Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; samples are typically written in Visual Basic .NET or C#. This build exfiltrates harvested credentials over SMTP using the mailbox extracted under Malware Config above.

  • AgentTesla Payload

  • Drops file in Drivers directory

  • Adds Run key to start application

    TTPs

    Registry Run Keys / Startup Folder (T1547.001)
    Modify Registry (T1112)
  • Suspicious use of SetThreadContext
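Added example, not part of the sandbox report: the extracted SMTP configuration and the behavioural signatures above turned into detection logic and run over constructed Sysmon-style event records plus a constructed SMTP session transcript. The SHA256, exfil host, port and username are the report's own indicators; the file paths, SID, record numbers, process names and the benign port-587 event are made-up sample data. The AUTH LOGIN decoding only works on a capture taken before STARTTLS upgrades the session, or on a decrypted capture such as a hooking sandbox or a TLS-inspecting mail relay produces; on the wire, port 587 traffic is normally encrypted after STARTTLS.

```python
# Added example, not sandbox output. Matches report indicators against
# constructed Sysmon-style events and a constructed SMTP transcript.
import base64
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "2cfb7adb214ef9393727628ebe22af87ad00d3bdfc19655be69b6f3617b9b539"
EXFIL_HOST = "smtp.vivaldi.net"
EXFIL_PORT = 587
EXFIL_USER = "preshstan@vivaldi.net"

# Persistence signature "Adds Run key to start application" (T1547.001):
# any value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


def parse_hashes(field: str) -> dict:
    """Split a Sysmon 'Hashes' field ('MD5=..,SHA256=..') into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev: dict) -> list:
    """Return the report indicators a single event matches (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    # EventID 1 (process create): known sample by SHA256.
    if eid == 1 and parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
        hits.append("process_create:known_sample_sha256")
    # EventID 13 (registry value set): Run-key persistence.
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append("registry:run_key_persistence")
    # EventID 3 (network connect): SMTP to the configured exfil host and port.
    if (
        eid == 3
        and ev.get("DestinationHostname", "").lower() == EXFIL_HOST
        and int(ev.get("DestinationPort", 0)) == EXFIL_PORT
    ):
        hits.append("network:smtp_to_exfil_host")
    return hits


def scan_events(events: list) -> list:
    """Return (RecordNumber, indicator) pairs for every matching event."""
    return [(ev["RecordNumber"], hit) for ev in events for hit in match_event(ev)]


def smtp_auth_username(transcript: list) -> str:
    """Decode the username from an 'AUTH LOGIN' exchange in a client/server
    SMTP transcript (lines prefixed 'C: ' or 'S: '). Returns '' if absent."""
    for i, line in enumerate(transcript):
        if line.upper().startswith("C: AUTH LOGIN"):
            # Server answers with base64('Username:'); the next client line is
            # the base64-encoded username, which is what we compare to the config.
            for later in transcript[i + 1:]:
                if later.startswith("C: "):
                    try:
                        return base64.b64decode(later[3:]).decode("utf-8", "replace")
                    except ValueError:
                        return ""
    return ""


# Constructed sample data (paths, SID, record numbers are assumptions).
SAMPLE_EVENTS = [
    {"RecordNumber": 1, "EventID": 1,
     "Image": r"C:\Users\victim\Downloads\RE Outstanding SOA Settled.exe",
     "Hashes": "MD5=6B0AB04930CAE57FF38824D56966FA8D,"
               "SHA256=2CFB7ADB214EF9393727628EBE22AF87AD00D3BDFC19655BE69B6F3617B9B539"},
    {"RecordNumber": 2, "EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "Details": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"RecordNumber": 3, "EventID": 3,
     "DestinationHostname": "smtp.vivaldi.net", "DestinationPort": "587"},
    # Benign: a mail client submitting to its own provider on 587 must not fire.
    {"RecordNumber": 4, "EventID": 3,
     "DestinationHostname": "smtp.example.com", "DestinationPort": "587"},
]

SAMPLE_SMTP_TRANSCRIPT = [
    "S: 220 smtp.vivaldi.net ESMTP",
    "C: EHLO victim-pc",
    "S: 250-AUTH LOGIN PLAIN",
    "C: AUTH LOGIN",
    "S: 334 VXNlcm5hbWU6",  # base64('Username:')
    "C: " + base64.b64encode(EXFIL_USER.encode()).decode(),
    "S: 334 UGFzc3dvcmQ6",  # base64('Password:')
]

if __name__ == "__main__":
    for record, hit in scan_events(SAMPLE_EVENTS):
        print(f"record {record}: {hit}")
    user = smtp_auth_username(SAMPLE_SMTP_TRANSCRIPT)
    print("SMTP AUTH user matches extracted config:", user == EXFIL_USER)
```

The hostname and port check is deliberately narrow (the configured exfil mailbox, not every port-587 connection), since legitimate mail clients submit on 587 too; broaden it with the SHA256 and Run-key hits for a higher-confidence correlation on a single host.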

MITRE ATT&CK Matrix

Tactic columns preserved from the matrix (technique cells did not survive extraction): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation