General
Target: 7dd9950cfbe6feaab2eba055ba3144b50371ecbca3f476375d2de26123486b1f
Size: 348KB
Sample: 220521-nc6yxsgfar
MD5: 018c1db7d61b78ec03a8a73d89ab35b4
SHA1: 8e32a75e33d34a5416bcf4abfe38b1094c2c819c
SHA256: 7dd9950cfbe6feaab2eba055ba3144b50371ecbca3f476375d2de26123486b1f
SHA512: 7edf273e17f8cbde795a282e8a8e7343d132063b79eb2c0f6da7596ac226fbc0a93885108139118f60170dfa300b5247046f4a6ee8bf8c02006037b7785507c3
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe; Resource: win7-20220414-en)
Behavioral task: behavioral2 (Sample: SOA.exe; Resource: win10v2004-20220414-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.ru
Port: 587
Username: leonardo.doro@yandex.com
Password: bigboy5570@@@@
Targets
Target: SOA.exe
Size: 416KB
MD5: 59c3cd7474ff46cf6ec70bb387663b19
SHA1: b60ca2275182a0aaeadaf5097752ed2477297383
SHA256: 713485dd990b5f709f17842623a1f3b8bcc381d98436683ab828b4487d338ba3
SHA512: e49bfeb064f5ea25e4a4b2ad7c142c99468d7f59b3ab148c0e8b05105c99d095941be2c00ee79bab82a132ab9fee4ffb555b3169997880ef1f2ffaeeca36352c
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. This build exfiltrates collected data over SMTP using the mailbox credentials in the extracted config above, so the SMTP host, port and username are the actionable network and account indicators from this run.
AgentTesla Payload
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check (the sample can decide whether to run based on the victim's locale).
- Accesses Microsoft Outlook profiles: reads stored Outlook profile data, consistent with the stealer harvesting mail-client credentials.
- Adds Run key to start application: persistence via a registry Run key so the payload is relaunched at logon.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual final step of process hollowing, where a process is created suspended, its image is replaced with injected code, and its entry point is redirected before it is resumed; the SMTP traffic may therefore originate from a hollowed child process rather than from SOA.exe itself.
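Detection logic for the behaviours listed above, as an added example written for this page (it is not output of the sandbox and not part of the AgentTesla sample). It assumes a hypothetical API-monitor trace format, a list of dicts carrying pid, image, api and call-specific fields; the registry paths it inspects and the SAMPLE_EVENTS are constructed for illustration, and only the SMTP host and port are taken from the extracted config. It goes slightly beyond the report's signature list in two ways: SetThreadContext is only flagged when applied to a child the same process created suspended, which is the process-hollowing pattern, so debuggers and exception handlers are not flagged, and an SMTP connection from a hollowed child is attributed back to the parent that hollowed it.

```python
"""Flag AgentTesla-style behaviours in a hypothetical API-monitor trace.

Added example for this page; not sandbox output and not code from the sample.
The event format and SAMPLE_EVENTS are constructed; only EXFIL_HOST/EXFIL_PORT
come from the extracted config in the report.
"""
import re

# Exfiltration endpoint from the extracted malware config.
EXFIL_HOST = "smtp.yandex.ru"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # processes expected to speak SMTP
CREATE_SUSPENDED = 0x00000004                      # CreateProcess dwCreationFlags bit

# Registry locations assumed to sit behind the report's signatures (editor's
# assumption, not stated by the report).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
OUTLOOK_PROFILES = re.compile(r"\\Outlook\\Profiles\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)


def detect(events):
    """Return (rule, severity, pid, detail) findings for a list of trace events."""
    findings = []
    suspended = {}  # child pid -> parent pid, for children created CREATE_SUSPENDED
    hollowed = {}   # child pid -> parent pid, once SetThreadContext hit that child
    for ev in events:
        pid, image, api = ev["pid"], ev["image"].lower(), ev["api"]
        if api == "RegQueryValueExW":
            if GEO_KEY.search(ev["key"]) and ev.get("value") == "Nation":
                findings.append(("geo_check", "low", pid, ev["key"]))
            elif OUTLOOK_PROFILES.search(ev["key"]) and image not in MAIL_CLIENTS:
                findings.append(("outlook_profile_access", "medium", pid, ev["key"]))
        elif api == "RegSetValueExW" and RUN_KEY.search(ev["key"]):
            detail = ev["key"] + "\\" + ev["value"] + " = " + ev["data"]
            findings.append(("run_key_persistence", "high", pid, detail))
        elif api == "CreateProcessW" and ev["flags"] & CREATE_SUSPENDED:
            suspended[ev["child_pid"]] = pid
        elif api == "SetThreadContext" and ev["target_pid"] in suspended:
            # Context rewrite on a child this process created suspended: hollowing.
            hollowed[ev["target_pid"]] = pid
            findings.append(("process_hollowing", "high", pid,
                             "SetThreadContext on suspended child %d" % ev["target_pid"]))
        elif api == "connect" and ev["port"] in SMTP_PORTS and image not in MAIL_CLIENTS:
            origin = hollowed.get(pid, pid)  # credit the parent if pid was hollowed
            exact = (ev["host"].lower(), ev["port"]) == (EXFIL_HOST, EXFIL_PORT)
            findings.append(("smtp_exfil", "high" if exact else "medium", origin,
                             "%s:%d via pid %d" % (ev["host"], ev["port"], pid)))
    return findings


# Constructed trace: SOA.exe (pid 1234) hollows a child (pid 1300) that then
# mails out; OUTLOOK.EXE (pid 2000) and a debugger (pid 3000) are benign noise.
SAMPLE_EVENTS = [
    {"pid": 1234, "image": "SOA.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 1234, "image": "SOA.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\00000002",
     "value": "Email"},
    {"pid": 2000, "image": "OUTLOOK.EXE", "api": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\00000002",
     "value": "Email"},
    {"pid": 1234, "image": "SOA.exe", "api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "SOA", "data": r"C:\Users\user\AppData\Roaming\SOA.exe"},
    {"pid": 1234, "image": "SOA.exe", "api": "CreateProcessW",
     "child_pid": 1300, "flags": CREATE_SUSPENDED},
    {"pid": 3000, "image": "devenv.exe", "api": "SetThreadContext", "target_pid": 3001},
    {"pid": 1234, "image": "SOA.exe", "api": "SetThreadContext", "target_pid": 1300},
    {"pid": 1300, "image": "RegSvcs.exe", "api": "connect",
     "host": "smtp.yandex.ru", "port": 587},
    {"pid": 2000, "image": "OUTLOOK.EXE", "api": "connect",
     "host": "smtp.office365.com", "port": 587},
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(*finding)
```

On the constructed trace every finding resolves to pid 1234: the SMTP connection is made by the hollowed child, but because the child was created suspended and then had its thread context rewritten by SOA.exe, the rule credits the parent. The SetThreadContext call from the debugger on an unrelated process produces nothing, which is the caveat the raw signature name hides: that API alone is not a verdict.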