General
- Target: 2a995261d450e20c8da8285ec731e66129e9a692ad8adee320affba23a3c3646
- Size: 339KB
- Sample: 220521-nx186sece5
- MD5: 31ad2480c2981dd3fa0e5b85a608e15c
- SHA1: 235d8822b64116a75f3c2eedcd66cb6c9bff6601
- SHA256: 2a995261d450e20c8da8285ec731e66129e9a692ad8adee320affba23a3c3646
- SHA512: 5f5948a2afd209331e8c7000368c2ab226b1147f9d3546c0962ee74a134810e7f83ad4daf6c3b94ddde6c53a663800d21859bfefd78cadd335060941ddeb5a09
Static task: static1
Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
- Protocol: smtp
- Host: mail.actionassist.co.uk
- Port: 587
- Username: sales@actionassist.co.uk
- Password: benjamin76
Targets
- Target: SOA.exe
- Size: 394KB
- MD5: fa27473a151b9bd5302c23bfab809b7f
- SHA1: 65ed59245eb03563745b3508afb7b142221bacac
- SHA256: 1b69bce4e5b7966a2bdc844ac33899746692b7fef019019c08986f295eb7d001
- SHA512: 8845edd5fd6a82f05bce1df6c76d69a6b7ae127932cde8849e720d48b4f7e4fc1cf9abaac729f10cb7f2821ab5ba491a7ae8f0f28a18625751e26dcb9fba880c
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Looks for VirtualBox Guest Additions in registry
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext