General
Target: 017dcb7a984321a869fa38b898bb08249eaa2a5a24684ecd365eb4f3f21535a1
Size: 487KB
Sample: 220521-d5v21sghc8
MD5: 44ca64ef7c06f4a235598151d2a6826e
SHA1: 2b77e87644515f4896d132898d278b44d3fe6b8f
SHA256: 017dcb7a984321a869fa38b898bb08249eaa2a5a24684ecd365eb4f3f21535a1
SHA512: 8532106e0aaef679620cbc97a7cc1af3936aedf541e422742cd927accdc44c3b7d31b7abb795fccfe82077fc31c0bc5ae21adb1b45247693bfe46d494907ef2a
Static task: static1
Behavioral task: behavioral1
  Sample: SOA.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SOA.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.microtechlab.in
Port: 587
Username: [email protected]
Password: pune@123
Targets
Target: SOA.exe
Size: 586KB
MD5: a1d0775f927324ce39ff4f928081d524
SHA1: a43fbe55933e59d43b8d953da3e6414a3d2ba9a9
SHA256: 397c2b4608c484eec2613bea0baa9b7e7b163b9ac27e3a197d5fdaf46792f605
SHA512: 1beccdc50599e5aa79d13de67d661ff43a1844c038359ac2281a1ecc8fd2bc707fe9939202325f9d1cc914060d0fa54d813e51990063443cda8e5473b800b839
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext