General

Target: UPDATED SOA (2).zip
Size: 367KB
Sample: 221126-lqhgdabf4v
MD5: 87b096e6eed114266570138e11cabd40
SHA1: a749a72e8f3782a14028a8260cc3a546fba4921f
SHA256: 487d9f829469177c124d791f2b4769f31e6c1c1dd695b52dacefee4e2061859d
SHA512: 9400e37f7cfb0685abb191a0058a2b2c306758138c247825b29207f49f45e6e8f2a363c07a1224258c16cf5001f0edb2b60a2b7003796481b50bd5e771346508
SSDEEP: 6144:aq0ui5+qifCUmelJQEOBIUE4QiF33Zgx4nwy5Wo4kaZL5+4+381H8W1:axH4JQTqUnQiF3J84pgou+a1cM
Static task: static1

Behavioral task: behavioral1
  Sample: UPDATED SOA (2).exe
  Resource: win7-20221111-en

Behavioral task: behavioral2
  Sample: UPDATED SOA (2).exe
  Resource: win10v2004-20220901-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.svcnc.com
Port: 587
Username: [email protected]
Password: Krupashine@6791
Email To: [email protected]

The username and password are the operator's SMTP submission credentials hard-coded in the binary: the stealer authenticates to mail.svcnc.com on port 587 and mails harvested data from that account to the Email To address. They are not victim credentials.
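The extracted configuration gives the exfiltration channel directly, so the practical next step is to turn it into a network indicator and sweep egress logs for it. The following is an added example, not part of the sandbox report: only the protocol, host (mail.svcnc.com) and port (587) come from the extracted config; the firewall log lines, the allow-list of corporate mail relays and the `key=value` field names are constructed here. It also generalises slightly beyond this sample by flagging any workstation that submits mail to a server outside the allow-list, since AgentTesla operators rotate mailboxes and hosts.

```python
"""Sweep constructed firewall logs for the AgentTesla SMTP exfiltration channel.

Added example, not from the sandbox report. Host, port and protocol are taken
from the report's extracted config; everything else (log lines, relay
allow-list, field names) is constructed for illustration.
"""
import re
from dataclasses import dataclass

# Extracted configuration as printed in the report, minus the mailbox
# credentials (the addresses are redacted on the page and are not needed here).
AGENTTESLA_CONFIG = """Protocol: smtp
Host: mail.svcnc.com
Port: 587
"""

# Mail submission/transfer ports a workstation should not reach directly.
MAIL_PORTS = {25, 465, 587}

# Constructed: corporate relays that endpoints are allowed to talk to.
ALLOWED_RELAYS = {"smtp.corp.example", "10.0.0.25"}

# Constructed firewall log lines in key=value form.
SAMPLE_LOG = """\
ts=2022-11-26T10:01:03Z src=10.1.4.22 dst=142.250.74.46 dst_host=www.google.com dport=443 proto=tcp action=allow
ts=2022-11-26T10:01:09Z src=10.1.4.22 dst=203.0.113.18 dst_host=mail.svcnc.com dport=587 proto=tcp action=allow
ts=2022-11-26T10:02:41Z src=10.1.4.22 dst=10.0.0.25 dst_host=smtp.corp.example dport=587 proto=tcp action=allow
ts=2022-11-26T10:05:12Z src=10.1.7.9 dst=198.51.100.7 dst_host=mx.unknown-provider.example dport=25 proto=tcp action=allow
ts=2022-11-26T10:06:00Z src=10.1.7.9 dst=198.51.100.7 dst_host=mx.unknown-provider.example dport=443 proto=tcp action=allow
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst_host: str
    dport: int
    reason: str


def parse_config(text):
    """Parse the report's 'Key: value' lines into a dict with an int port."""
    cfg = {}
    for m in re.finditer(r"^(\w+):\s*(\S.*?)\s*$", text, re.M):
        cfg[m.group(1).lower()] = m.group(2)
    cfg["port"] = int(cfg["port"])
    return cfg


def parse_kv_line(line):
    """Split a constructed key=value log line into a dict (empty if no fields)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def find_smtp_exfil(log_text, cfg, allowed_relays=ALLOWED_RELAYS):
    """Return hits for the exact extracted C2 and for unsanctioned mail submission."""
    ioc_host, ioc_port = cfg["host"].lower(), cfg["port"]
    hits = []
    for line in log_text.splitlines():
        f = parse_kv_line(line)
        if not f:
            continue
        dport = int(f["dport"])
        host = f.get("dst_host", "").lower()
        if host == ioc_host and dport == ioc_port:
            reason = "known AgentTesla exfil host"
        elif (dport in MAIL_PORTS and host not in allowed_relays
              and f.get("dst") not in allowed_relays):
            reason = "mail submission to unsanctioned server"
        else:
            continue
        hits.append(Hit(f["ts"], f["src"], host, dport, reason))
    return hits


if __name__ == "__main__":
    for hit in find_smtp_exfil(SAMPLE_LOG, parse_config(AGENTTESLA_CONFIG)):
        print(hit)
```

Because submission on 587 normally upgrades to TLS via STARTTLS, payload inspection will not see the stolen data; the destination host and port, and the fact that an endpoint rather than a relay is speaking SMTP, are what the detection has to key on.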
Targets

Target: UPDATED SOA (2).exe
Size: 482KB
MD5: 74413d410ade63316e64fd13643c5472
SHA1: e799abf182ebbda566506ab24d1c3291d2b5045c
SHA256: a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
SHA512: 46278aecc22bfcb435f3463f8fccef1e9a11ee029f80f071f313033cd5c8e0f2939caba6a554797c217b7afc0f11f96e5dd6a29a72706696d848c976c31fcbcb
SSDEEP: 12288:3gJKPIrufvlcmVUZ7DkosENw2xyVbzUh/e237lEXO52I4mYF+:3sKPmql7VUZ7PsECxXi2s4
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic .NET. It harvests saved credentials from browsers, mail and FTP clients and, in this configuration, exfiltrates them over SMTP to the operator's mailbox.

Accesses Microsoft Outlook profiles
Reads the registry keys under which Outlook stores account profiles, where saved server settings and DPAPI-protected mail passwords live; this is the credential-harvesting step.

Suspicious use of SetThreadContext
SetThreadContext called on a thread in another process is the hallmark of process hollowing or injection: a child is created suspended, its memory is overwritten, and the primary thread's instruction pointer is redirected to the injected code before ResumeThread. Treat it as a strong indicator that the payload is running under a benign process name rather than as the dropped executable.
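Both behavioural signatures above can be reproduced from an API call trace, which is useful when triaging a new sample without the sandbox's own rules. The following is an added example, not the sandbox's signature engine or code from the report: the trace format (one call per line, `pid`, `api` and `key=value` arguments), the child image path and every sample line are constructed; the Outlook profile registry paths are the standard locations, and `CREATE_SUSPENDED` is the documented `CreateProcess` flag value 0x4.

```python
"""Detect SetThreadContext-based injection and Outlook profile access in a
constructed API trace.

Added example, not part of the sandbox report. The trace format and sample
lines are constructed; the registry paths are Outlook's standard profile keys.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4  # documented dwCreationFlags bit for CreateProcess

# Where Outlook keeps account profiles (current Office builds and the
# legacy Windows Messaging Subsystem location).
OUTLOOK_PROFILE_KEYS = re.compile(
    r"\\Software\\Microsoft\\(Office\\\d+\.\d\\Outlook\\Profiles|"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)\\",
    re.IGNORECASE,
)

# Constructed trace: a loader (pid 1204) spawns a suspended child, unmaps and
# rewrites its memory, repoints its primary thread and resumes it; the child
# then reads Outlook profiles. pid 4410 is benign noise, including a
# SetThreadContext on its own thread, which must not trigger the rule.
SAMPLE_TRACE = """\
pid=1204 api=CreateProcessW image=C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe flags=0x4 child_pid=3388 tid=3392
pid=1204 api=NtUnmapViewOfSection target_pid=3388
pid=1204 api=VirtualAllocEx target_pid=3388 size=0x7a000 protect=0x40
pid=1204 api=WriteProcessMemory target_pid=3388 size=0x7a000
pid=1204 api=SetThreadContext target_pid=3388 tid=3392
pid=1204 api=ResumeThread target_pid=3388 tid=3392
pid=3388 api=RegOpenKeyExW key=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook
pid=3388 api=RegQueryValueExW key=HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002
pid=4410 api=RegOpenKeyExW key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
pid=4410 api=SetThreadContext target_pid=4410 tid=4420
"""


def parse_trace(text):
    """One dict per non-empty line; values stay as strings."""
    events = []
    for line in text.splitlines():
        fields = dict(re.findall(r"(\w+)=(\S+)", line))
        if fields:
            events.append(fields)
    return events


def detect_thread_context_injection(events):
    """Return (injector_pid, child_pid) pairs where a child created with
    CREATE_SUSPENDED had memory written, its thread context set, and was then
    resumed by the same parent. Order matters: context after write, resume
    after context."""
    stages = defaultdict(set)   # child_pid -> stages observed so far
    owner = {}                  # child_pid -> pid that created it
    hits = []
    for e in events:
        api = e["api"]
        if api == "CreateProcessW" and int(e.get("flags", "0"), 16) & CREATE_SUSPENDED:
            stages[e["child_pid"]].add("suspended")
            owner[e["child_pid"]] = e["pid"]
        tgt = e.get("target_pid")
        # Ignore calls on processes we never saw created suspended, and calls
        # from anyone other than the creator (keeps self-SetThreadContext out).
        if tgt is None or tgt not in stages or e["pid"] != owner[tgt]:
            continue
        if api == "WriteProcessMemory":
            stages[tgt].add("written")
        elif api == "SetThreadContext" and "written" in stages[tgt]:
            stages[tgt].add("context")
        elif api == "ResumeThread" and "context" in stages[tgt]:
            hits.append((e["pid"], tgt))
            stages.pop(tgt)
    return hits


def detect_outlook_profile_access(events):
    """Return sorted (pid, key) pairs for registry calls under Outlook profiles."""
    return sorted({(e["pid"], e["key"]) for e in events
                   if e["api"].startswith("Reg")
                   and OUTLOOK_PROFILE_KEYS.search(e.get("key", ""))})


if __name__ == "__main__":
    evts = parse_trace(SAMPLE_TRACE)
    print("injection:", detect_thread_context_injection(evts))
    print("outlook profiles:", detect_outlook_profile_access(evts))
```

The injection rule deliberately requires the full ordered chain from one parent onto one suspended child; a lone SetThreadContext (debuggers and some runtimes call it on their own threads) is not enough on its own, which is why the sandbox labels the signature "suspicious" rather than conclusive.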