General
Target: e0d8264fabf1ca2d192a05422252289a76a594036ebc757e5f9ae69ed83d525d
Size: 493KB
Sample: 220521-ny2w4ahdhp
MD5: 37378ea5d80afa23a1981a9411a0d26e
SHA1: 5c6ade0ffaef2e6043ffba23913c4e1783573a17
SHA256: e0d8264fabf1ca2d192a05422252289a76a594036ebc757e5f9ae69ed83d525d
SHA512: db51fbb7a34b09a725c67c891df5e2ed9b98ebfb191e0bbfe79d43da223c2bcf2e2b7242d1e954280106e448dacccbd3ff1d3562891fce8189d898b213ea1bd8
Static task: static1
Behavioral task: behavioral1
  Sample: SOA APRIL.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: SOA APRIL.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.tolipgoldenplaza.com
Port: 587
Username: dir.fb@tolipgoldenplaza.com
Password: Golden@#$2019
Targets
Target: SOA APRIL.exe
Size: 586KB
MD5: 2a0f351d2091f584260d729a5b278a84
SHA1: d1738ccabebe0c330b5c14505744948a76492ca9
SHA256: 0ed8342c19d8ff14d83588ca91cc6b5ab6bd811de15f05e5497d62ba25e56365
SHA512: 7ae35c5867ec9c3967ac738484f3ca6994b67154e8873d58a497ba30625ad7a1fb858f3b2f8f1b72bb1c6483bbf2f57df9beaba1f1d42b9cbb47e3602baa1880
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext