General
Target: 30b1ef81ba83efad15a43595668ebf2fafd1f333e8da39206a3609176fb08482
Size: 603KB
Sample: 220521-bbweksbfe9
MD5: e274ed158e1006169d54468a2be747c8
SHA1: 00f132c11e1c4e91ee14f0f55ea7727243b69650
SHA256: 30b1ef81ba83efad15a43595668ebf2fafd1f333e8da39206a3609176fb08482
SHA512: 0b980aacbf78ece2e513d8fa3f85b37f06c143dcf49a2721d4889cdf22bd103cb93926e9443a5e6b8477de3271369f5626809cfd79b1f179df515408fcf565f2
Static task: static1
Behavioral task: behavioral1
Sample: SOA.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: SOA.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: js}$_IlwF1q4
Targets
Target: SOA.exe
Size: 817KB
MD5: 969bc5de231121ad500da10b4f057b4a
SHA1: 5c23c8e44dd35679ed5da8f156c6aef3c012ddc4
SHA256: 268ac75f4db4a543ee71bb227ed2561f0a94fac62bfc71813b8730d0ca75d14e
SHA512: 66c2b2dfd1d13725804ecff84b0c9acd45de3a84e7e0cc0a021a7e0fb960aeef59cd614bcbcf19e994ede84da7933aeec30e2fed0d8eea35d77ca4aa4ad234fc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext