General
- Target: 7b3f4356dee4abc9afc695a46d21c17c97e8fe6824718fb8720a66ed4e2a6dc9
- Size: 512KB
- Sample: 220520-3cel1abehn
- MD5: 6c65ac876f24eb732652546dfc1c1b84
- SHA1: c7da095baf4c8eac604cc31d895bde7c2b88b03c
- SHA256: 7b3f4356dee4abc9afc695a46d21c17c97e8fe6824718fb8720a66ed4e2a6dc9
- SHA512: 58a973c87c2f4123edb32ddbb4fa74479009f84c70c0660c9fa5aaf2c68cedda0914e9ec2f2987e5c734ef276209e002c86483bbe4e2bcd892526b8d494973c7
Static task: static1
Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.palcoman.com
- Port: 587
- Username: [email protected]
- Password: GgwWVBJ5
Targets
- Target: SOA.exe
- Size: 687KB
- MD5: 95cbcdfe7d89c89c759303a0e845d8b1
- SHA1: 3950ee91663e1142e889208c474ebc7d36995d5c
- SHA256: f82fcb01f1334b2885bc090c3bc8bc587f64919b9739e95ffe12c9e5d5bc11cd
- SHA512: c00438306fe5bfae406db98ea71779745ebbe4643c2993fb12a47a13dca2de5c71ec40a81cbf8d9e7ad3901b6921ef9e46d7bd01d597c89df6a494ed20493e31
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext