General
Target: SOA AUG.exe
Size: 1020KB
Sample: 221003-hsnvdsdhcq
MD5: 2eb66c93f9c91a74318ebc392493ca52
SHA1: 413c465e27584a06ca25cac602149a90e2accaa1
SHA256: 9b27d471b33160457e05277ef547cb15d04602c2c1dc77015c59997b1a79d1d2
SHA512: 7942396df775bc8f57ab8edfa84a2e8146b42ae921f9ad64e5ac8cd37985c5402977ed8d2026d1b13770d2a908abd23dafb3617a7255b89219418f457bfd8baf
SSDEEP: 12288:u3mY2iNw0+9MK3RAgqDDdlRJg0m2UOx3HidG97VfUhiMqADqjJ5n6L4/J8bxznlN:u3x1IeEMZHHhCE1VfIiMMjr
Static task: static1
Behavioral task: behavioral1
Sample: SOA AUG.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: SOA AUG.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp
Host: mail.wcc-afg.org
Port: 587
Username: ridwan@wcc-afg.org
Password: Rizwan@wcc
Targets
Target: SOA AUG.exe (size and hashes as listed under General above)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext