Overview

overview

10

Static

static

SOA.exe

windows7_x64

10

SOA.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOA.zip

  • Size

    386KB

  • Sample

    211202-jqaqeschap

  • MD5

    826adcdaa7b74de17ef453c58dd3b27d

  • SHA1

    b49e262246b2bdc55abef0d61da812577b28ccec

  • SHA256

    49785076c618fb94dd4418fde1896e9c830119b8750c0ec8acfa56ec06a474a6

  • SHA512

    8b3c2cd91b65e2a740c23c22a9b5c6b2531d43881a047378ce729b46db1b69f5a5eef98f4bad9b4b35694366d3e1207807e8228bb9b9a9f486e6001f88d93fd6

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    mail.khawambros.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    1EJRh0xnEN549JSbdZHz

Targets

    • Target

      SOA.exe

    • Size

      482KB

    • MD5

      c19417f92b007af50ba9ae328c693d0f

    • SHA1

      7eddf0cf2dcf2546e7d679bcd1341591c6f5d3ae

    • SHA256

      ef0c12e1c56d5e674a83f56e8e21b485bdcf7d45e0c97e02669d5e8604cebafc

    • SHA512

      700153ca06ca6b43a053db6ac1ead5e9de6e3f27426dd362d67fe5fe5064948c56847503965c2846f0304a2365d5f34f1fdd119c445770e1272b68926b5d9041

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • AgentTesla Payload

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks