General
Target: eda6ef163704715bc6ab74b299b326c1b9d309f77c578e66b28f6d36fb0f33b3
Size: 348KB
Sample: 220520-3lkjlshbb4
MD5: 71173123c1b5c8f1dbdb21f366e19843
SHA1: 83ec369d8995919eb877c86f030af6d003da8fd5
SHA256: eda6ef163704715bc6ab74b299b326c1b9d309f77c578e66b28f6d36fb0f33b3
SHA512: 72632b98ce7ba4066b2d2a3ab8fbf7c451613e6b07bdeb3ca63d67d8f6710f56462e47477cde5bd63b15d779d471cd1b2c9990c600077f5e1fb5f6a822bf2d18
Static task: static1
Behavioral task: behavioral1
Sample: SOA july.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SOA july.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: 1xH}wgu7}f%E
Targets
Target: SOA july.exe
Size: 446KB
MD5: 49f4d61510b00da46d1ed0081dadd436
SHA1: 9259413803d64671da96bc27c1ca10b87e3a5688
SHA256: 7666a9640caa1cd3032c124ae3b763f280cae9da5028586721e3aed9f476bf2d
SHA512: 49aa2a1fbbd81ee8b3829292509aad3a62574cd380a16f5b44fa96229572a8bd43981abd8f6a590684322b94bccdecf6610123d24bfcb3da69cdb0f1999fb116
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext