General
Target: SOA.rar
Size: 411KB
Sample: 211203-taaetsbhf9
MD5: 74054d737b45e4f7f2de8d5cbaf8f734
SHA1: 05b6678abcbc638a7ec2f53b103e8424f2b13841
SHA256: a309a8b0c405009d29c094dffd08aa06b7177bd1da63af3a245b898dd7280843
SHA512: 41ab8707f69059e03241829a584534c654876f83129f89f01a08e343abf9d4336bfebf5f37d5da7ad93074950849b98cc2eba7077a476da7650d3ad1e573c1d2
Static task: static1
Behavioral task: behavioral1
Sample: SOA.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: SOA.exe
Resource: win10-en-20211104
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.diva-italia.com
Port: 587
Username: info@diva-italia.com
Password: rr.@%5LjgLz7
Targets
Target: SOA.exe
Size: 461KB
MD5: 535601aee80184cc14b5b6c09c537388
SHA1: ab8382b1cf0b3720142b6228c135297aee3499a0
SHA256: 978af7262496623fb8d5c7be95346ccccf2ce304a72d641e20a866f51f93a02b
SHA512: 63dc2a9c4ffa870c1613f343e766337b0549b7fc0d70c531d5491157493e4b89ae12d5ef2a9fb96f6eee5cf1319ed628d71eeeb6733f29328d94bd8f0210294b
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext