General
- Target: b51eefd9069961db219fa4932a1217285e7b2bbe13d2e5648b7789333aec48c4
- Size: 496KB
- Sample: 220521-nbj3rsddd5
- MD5: 83a346d61094871e323f2054c9b335c0
- SHA1: 236364562118e26e5917c93cb37bc58abafd24c7
- SHA256: b51eefd9069961db219fa4932a1217285e7b2bbe13d2e5648b7789333aec48c4
- SHA512: b2e419da7e7b31bf41d4c8e3020cb959c7716520a059c051014acdf8fb032e7fda7562aebf2b7dd3c0b9e163679fb98df5cd382694cf0099221638a0889f0ae4
Static task: static1
Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.amexworldwide.com
- Port: 587
- Username: sujit@amexworldwide.com
- Password: sujit@41#
Targets
- Target: SOA.exe
- Size: 821KB
- MD5: a445c10e946c6374763f1073e3aacdbf
- SHA1: a9dbaa9b65d0506ca3ae92326dba7c1300a9cda5
- SHA256: 1c6bb472f44c4e6ddb6b74a9fd411b802dd502a92fe4cce7e4a0959a8030ffb6
- SHA512: 8f222f5861969b264165e4cc3e55e30b33774213319ece2526c2e23bd77358c7eecda6fb5ae052850496c8980923c7e1caa150241e6c6cfdb819093de977b822
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext