General

Target: SOA.exe
Size: 461KB
Sample: 211202-qjxpyabhe4
MD5: 535601aee80184cc14b5b6c09c537388
SHA1: ab8382b1cf0b3720142b6228c135297aee3499a0
SHA256: 978af7262496623fb8d5c7be95346ccccf2ce304a72d641e20a866f51f93a02b
SHA512: 63dc2a9c4ffa870c1613f343e766337b0549b7fc0d70c531d5491157493e4b89ae12d5ef2a9fb96f6eee5cf1319ed628d71eeeb6733f29328d94bd8f0210294b
Static task: static1

Behavioral task: behavioral1
Sample: SOA.exe
Resource: win7-en-20211104

Behavioral task: behavioral2
Sample: SOA.exe
Resource: win10-en-20211104
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.diva-italia.com
Port: 587
Username: info@diva-italia.com
Password: rr.@%5LjgLz7
Targets

Target: SOA.exe
Size: 461KB
MD5: 535601aee80184cc14b5b6c09c537388
SHA1: ab8382b1cf0b3720142b6228c135297aee3499a0
SHA256: 978af7262496623fb8d5c7be95346ccccf2ce304a72d641e20a866f51f93a02b
SHA512: 63dc2a9c4ffa870c1613f343e766337b0549b7fc0d70c531d5491157493e4b89ae12d5ef2a9fb96f6eee5cf1319ed628d71eeeb6733f29328d94bd8f0210294b
AgentTesla

Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext