General
-
Target
3b851cdb7318d975f510336e3fa77b0c367c45c57173d4f3406c9d1bc369096b
-
Size
2.0MB
-
Sample
220521-xcyf8aegcp
-
MD5
a06fc8cf22ec4fe7c1b51443bddba18f
-
SHA1
476ce5fcb018b5df571832093f186c8e87f3fc4f
-
SHA256
3b851cdb7318d975f510336e3fa77b0c367c45c57173d4f3406c9d1bc369096b
-
SHA512
a21fbdb0da78ccdba33141b2cc989df98709d70745aabb8918b4f7e0db3f4f87faf841dbe2f761a70a3c6e9055b99913a91c4e66f5f41cd8eb7812ec1b8a529a
Static task
static1
Behavioral task
behavioral1
Sample
SOA.rar.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SOA.rar.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.parshavayealborz.com
Port: 587
Username: info@parshavayealborz.com
Password: P@rshava123456
Targets
-
Target
SOA.rar.exe
-
Size
2.0MB
-
MD5
6e87a2e7ef62721a2aef357431076a7a
-
SHA1
1cdf35c6ea661a2ef0461d7b8de441eb8dd802b1
-
SHA256
5f409bddf5b4efe31ec833332774381385c1a31e3e2d8e5e3b2d2f934be0a5a7
-
SHA512
a752bb0fb663a27d4034478f3b4b63e005ce5b95a3db699b7918a59583e25182b50eca769994008bf6fc00ad9819daa91f476384c12e5511f8716da668f221dc
-
AgentTesla
Agent Tesla is a .NET-based information stealer and remote access tool (RAT); the extracted config above holds the SMTP account it uses to exfiltrate harvested credentials and keystrokes.
-
AgentTesla Payload
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Drops startup file
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-
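As an added example (not part of the sandbox report and not the sandbox's own detection logic), the Python below maps Windows telemetry events to the behaviour names listed above and to the SMTP host and port from the extracted agenttesla config. The event shape, the registry and file paths used as patterns, and the sample events are constructed assumptions modelled on Sysmon-style records, not data captured from this sample.

```python
"""Map Windows telemetry events to the behaviour indicators named in the report.

Added example; it is not the sandbox's own detection logic. The event shape,
registry paths and sample events below are constructed assumptions modelled on
Sysmon-style records.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Registry/file locations behind the indicators listed in the report (assumed
# patterns; the hive prefix is ignored so HKCU and HKLM both match).
DISABLE_TASKMGR_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr$", re.I)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
DRIVERS_DIR_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
STARTUP_DIR_RE = re.compile(
    r"\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook|Windows NT\\CurrentVersion"
    r"\\Windows Messaging Subsystem)\\Profiles\\", re.I)

# Exfiltration endpoint taken from the extracted agenttesla config above.
EXFIL_HOST = "mail.parshavayealborz.com"
EXFIL_PORT = 587


@dataclass
class Event:
    kind: str        # registry_set | registry_query | file_create | network_connect
    target: str      # registry value path, file path, or "host:port"
    value: str = ""  # registry data for registry_set events


def _dword_is_one(value: str) -> bool:
    """Accept "1", "0x1", "0x00000001" or Sysmon's "DWORD (0x00000001)"."""
    return re.search(r"(?:0x0*1|\b1)\)?$", value.strip()) is not None


def classify(ev: Event) -> list[str]:
    """Return the report indicator names that a single event satisfies."""
    hits: list[str] = []
    if ev.kind == "registry_set":
        if DISABLE_TASKMGR_RE.search(ev.target) and _dword_is_one(ev.value):
            hits.append("Disables Task Manager via registry modification")
        if RUN_KEY_RE.search(ev.target):
            hits.append("Adds Run key to start application")
    elif ev.kind == "registry_query":
        if OUTLOOK_PROFILE_RE.search(ev.target):
            hits.append("Accesses Microsoft Outlook profiles")
    elif ev.kind == "file_create":
        if DRIVERS_DIR_RE.search(ev.target):
            hits.append("Drops file in Drivers directory")
        if STARTUP_DIR_RE.search(ev.target):
            hits.append("Drops startup file")
    elif ev.kind == "network_connect":
        host, _, port = ev.target.rpartition(":")
        if host.lower() == EXFIL_HOST and port == str(EXFIL_PORT):
            hits.append("Connects to the SMTP host from the extracted config")
    return hits


def triage(events: list[Event]) -> dict[str, list[str]]:
    """Group matched indicator names -> the event targets that triggered them."""
    found: dict[str, list[str]] = {}
    for ev in events:
        for name in classify(ev):
            found.setdefault(name, []).append(ev.target)
    return found


# Constructed sample telemetry (not captured from the real sample).
SAMPLE_EVENTS = [
    Event("registry_set",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr",
          "DWORD (0x00000001)"),
    Event("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SOA",
          r"C:\Users\victim\AppData\Roaming\SOA.exe"),
    Event("file_create", r"C:\Windows\System32\drivers\etc\hosts"),
    Event("file_create",
          r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SOA.lnk"),
    Event("registry_query", r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"),
    Event("network_connect", "mail.parshavayealborz.com:587"),
    # Benign-looking noise that must not match.
    Event("registry_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", "1"),
    Event("network_connect", "update.example.com:443"),
]

if __name__ == "__main__":
    for name, targets in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {targets}")
```

A Run key or a write under the Drivers directory is low-signal on its own (installers do both); it is the combination of the DisableTaskMgr policy value, Startup-folder persistence, Outlook profile reads and a connection to the SMTP host from the config that corresponds to the profile in this report. SetThreadContext and the AutoIt wrapper are not visible in this kind of telemetry; they need process-level monitoring or a look at the PE itself.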