General
Target: SOA.rar
Size: 523KB
Sample: 220930-rmtywsdge6
MD5: e1132be8a1d4f8401c5d313427a16576
SHA1: b11742e7cdd68d0aedbef21ce587fce1efea1c53
SHA256: 215482ad2ccdf0bb938479c8f442de03cd24398a7a49fe36f953296b520f3edf
SHA512: c96e5f2e668e9a81fa6d7889886838f057288f0cd8d35e87e9625f88e918f87e32b57aa5b18ad584fcdcae4079186c8bea7d5fc0f46ea48c3d267ef2f012362f
SSDEEP: 12288:uIZP3FXuO3KG95sDoEZQ60vqkATCVv2IHqoA9gUgKX8n7DwD:DZNuO3KssjmvDATCV5LNK+7MD
Static task: static1
Behavioral task: behavioral1
  Sample: SOA.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SOA.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5662683474:AAFvSjyPXTiwhBPcFi8of3_-_FCdfhhN8x0/
Targets
Target: SOA.exe
Size: 781KB
MD5: 05963cbe736805e0168a5fb3d6e6ae6b
SHA1: 14dd852164396f3e05b6b3469263c497851f6f0c
SHA256: 61b7c784665ee5e76aec4437bfcf67378d075f26fbb3a0dcabce328b3778a8be
SHA512: 51b9207c2ccf5a6931660c623ed18a97c8a12ba0758ae891f54825114c0aa8a05ce70af42bcf8108e4835f7356e6a08d4b547d30a621cfcfb7d67ff38294fac0
SSDEEP: 12288:qdxsEH/ARUwqxwZNVls4QM8tOqO5c1UADqjJ5nl0+9MK:qwEoMYNbsKbc0jrZe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Adds Run key to start application
Suspicious use of SetThreadContext