General
-
Target
RE Outstanding SOA Settled.exe
-
Size
1.0MB
-
Sample
210727-haye5pkjn2
-
MD5
6b0ab04930cae57ff38824d56966fa8d
-
SHA1
692d265b64797b571af7fa3ed56b8d3b0ac783b0
-
SHA256
2cfb7adb214ef9393727628ebe22af87ad00d3bdfc19655be69b6f3617b9b539
-
SHA512
929dc549764139fe28458e78494e1a71cc0183297b2212841c46a42a57858e2b6737aed33a407464b7a0fbdff2f38b5778770ff8ed7168d9a14d2063538e09a7
Static task
static1
Behavioral task
behavioral1
Sample
RE Outstanding SOA Settled.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
RE Outstanding SOA Settled.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.vivaldi.net - Port:
587 - Username:
preshstan@vivaldi.net - Password:
chidiebere123
Targets
-
-
Target
RE Outstanding SOA Settled.exe
-
Size
1.0MB
-
MD5
6b0ab04930cae57ff38824d56966fa8d
-
SHA1
692d265b64797b571af7fa3ed56b8d3b0ac783b0
-
SHA256
2cfb7adb214ef9393727628ebe22af87ad00d3bdfc19655be69b6f3617b9b539
-
SHA512
929dc549764139fe28458e78494e1a71cc0183297b2212841c46a42a57858e2b6737aed33a407464b7a0fbdff2f38b5778770ff8ed7168d9a14d2063538e09a7
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-