General
- Target: 4c242826d6efa9629384f98d7e1bfc45f1ea6c628f504cf6f880c429e1b713f6
- Size: 391KB
- Sample: 220521-mm2aracaf3
- MD5: 3bce9327e6df57cfbc30c987f12d3c2a
- SHA1: fe71be2a7e7efed4d23c29f79d08556c34f1aba0
- SHA256: 4c242826d6efa9629384f98d7e1bfc45f1ea6c628f504cf6f880c429e1b713f6
- SHA512: d508c08e89513d82622c18c62b0f362e36b776096967904c7bccc6c6cf1a9cc949bc3cbbdb9ed311379dbf7de60d9f53b1b297d91546207765185ebe2807e94d
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SOA.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: SOA.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- agenttesla
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: bigboy5570@@@@
Extracted
- Protocol: smtp
- Host: smtp.yandex.ru
- Port: 587
- Username: [email protected]
- Password: bigboy5570@@@@
Targets
- Target: SOA.exe
- Size: 682KB
- MD5: ec2b532d9dbebba1ffcd72a8206b6d0f
- SHA1: dda450e2d612fe24e3578e6c1b1d7e058cb94d6f
- SHA256: 42c563ce8d199292f5643e1728f6cd15c4419eb957b408f37ff066564774c50c
- SHA512: d762a92268bb7577f884449c5016b51086108b965b485ac3dc18d6ffb0c08543b8a72a3e63600b00ef083c1433c064839454f75edab78f16be4b0e590e181476
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext