General
Target: 69f8a5c1c6cc3a38c16323205d857f376e0f8831f0fb4de555b736fd237cd646
Size: 386KB
Sample: 220521-dbqkfafda5
MD5: 4ef92208f1a1d2c2a1edb965cdc2c377
SHA1: 006b58e4abd19bfff7b434209ad5a492fe64c8df
SHA256: 69f8a5c1c6cc3a38c16323205d857f376e0f8831f0fb4de555b736fd237cd646
SHA512: 6c7c522982d5da9662510e01fe1185b4d1a7052d0ba4d47b3f690009c3d35610d624a71ac9af4f0273bd62e39e4180c543e5f7e0d240d09fe85892a6f81de8c5
Static task: static1
Behavioral task: behavioral1
Sample: SOA.exe
Resource: win7-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.rajapindah.com
Port: 587
Username: [email protected]
Password: #r4j#citeureup#13
Targets
Target: SOA.exe
Size: 486KB
MD5: 8083a9f113f6ee458ec96ae28c423ffc
SHA1: f6a0b2a4f1d86181771f1f71850a5ae682e62dc1
SHA256: 286746a21e00a444f5dba54bf184545a1a8a5c5c5d813139f130ee0940d0009f
SHA512: e496fbb0afeed32c7f6f9044ae113201d17cd6bb941a4bcda53dc62fbcfff4baabfb77ba237fcc628b948a9fbc4fcdb2d12955476a2d1af8681f273a7f8dcbcc
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
CoreEntity .NET Packer
A .NET packer called CoreEntity that embeds the payload as a Bitmap object, which is later decrypted.
AgentTesla Payload
Disables Task Manager via registry modification
Drops file in Drivers directory
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext