General
-
Target
c81aa4ddf9b2a7d6057733906ad1efdbe5b329d4ecdedcb4f7efe9ffb529a5fe
-
Size
433KB
-
Sample
220521-nd39esgfel
-
MD5
84f83e5f5f853b95093a05946dc57ee6
-
SHA1
eba4826bcd35d555ca6f9cf9839a96b3df0efbd1
-
SHA256
c81aa4ddf9b2a7d6057733906ad1efdbe5b329d4ecdedcb4f7efe9ffb529a5fe
-
SHA512
5a09e37b7bd5d8aa5d1df532970a5e7cb3b0d0fc8f107eda854cfc599b930cc2891df8ec1e9fd57524a3a2eef102493b4d49e272f7223fbe206537ee584ac8e3
Static task
static1
Behavioral task
behavioral1
Sample
SOA.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SOA.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.mosaiclayouts.com
Port: 587
Username: [email protected]
Password: 1xH}wgu7}f%E
Targets
-
Target
SOA.exe
-
Size
544KB
-
MD5
0303bb754b89511d9330d2f242866e9b
-
SHA1
d6c35405714802ad2f44adca90331654fb5f08c1
-
SHA256
7e5a3cc0dac44399ef51e94acda887d0e1730cca94ea90109b04298cd93b407b
-
SHA512
cdcb9c2419f0136b4d3358fa90ff5bf240325c53d6948343beb190a778be5321a1da7a999caf9a091bd4b34c707d5ac33b609c7a35d9a8c5cddf166277a23bdc
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-