General
-
Target
SOA.exe
-
Size
693KB
-
Sample
211202-hj77nsfde6
-
MD5
d6264b641a92dc68f18a0b2ad6a8b7b7
-
SHA1
3810f6de85581a6e58e983f332044e36c9e19703
-
SHA256
cae83e99c0f43ff07b4ca8965f740e463378e3547323feb5331bb50f8c333873
-
SHA512
72d30018fc2996afe1b62f52dbd5053ed5ad44f4301ef4e24fca52fc7bb0adb0ec6060ae3692a2b2a5f34313f64b0e79f59e37f288d050010460bc1fa65c1dce
Static task
static1
Behavioral task
behavioral1
Sample
SOA.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
SOA.exe
Resource
win10-en-20211014
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.scsgroups.com - Port:
587 - Username:
[email protected] - Password:
Scs@looi1007
Targets
-
-
Target
SOA.exe
-
Size
693KB
-
MD5
d6264b641a92dc68f18a0b2ad6a8b7b7
-
SHA1
3810f6de85581a6e58e983f332044e36c9e19703
-
SHA256
cae83e99c0f43ff07b4ca8965f740e463378e3547323feb5331bb50f8c333873
-
SHA512
72d30018fc2996afe1b62f52dbd5053ed5ad44f4301ef4e24fca52fc7bb0adb0ec6060ae3692a2b2a5f34313f64b0e79f59e37f288d050010460bc1fa65c1dce
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-