General
Target: SOA.exe
Size: 920KB
Sample: 221128-kl179aae43
MD5: 28f5866df9a9d5621ff80fe55201e045
SHA1: 767103719b66f41fa64c173dd83127269400391c
SHA256: f2486e0219cd1587a7b554b5aa4b958d10b59071ce5b9da818eb9b38e0b0637e
SHA512: 2723579875d974b832e1536724beabdd7062ad0b9fd5c37fee869accbdc791fcbb183fe2846f08ae64a85e8132a98f059aaf192052ca407c79fde46f43a50af6
SSDEEP: 12288:4oc9UQiEm5lEzM2iNp1x6U1Z9QZjeRalpQq4kk6ZuYxSOpHpiOUFval6Adh+/TR1:bLuYmM1v1cU1Z7IUvQOadhkTcM8lmy8
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.clipjoint.co.nz
Port: 587
Username: [email protected]
Password: melandloz64
Email To: [email protected]
Note: the username and recipient addresses are shown redacted on this page; the host, port and password are the exfiltration indicators that can be used as-is.
Targets
Target: SOA.exe
Size: 920KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the General section above.
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic (.NET).
- Drops file in Drivers directory
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles (consistent with harvesting stored mail-client credentials)
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of SetThreadContext (commonly seen with process hollowing / code injection)
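The following is an added example and not part of the sandbox output: a small detection pass over Sysmon-style events that turns the report's Malware Config (SMTP host and port) and hash list, together with the Run-key and Drivers-directory behaviours above, into rules run over constructed sample events. Everything not stated in the report is an assumption and is labelled as such in the code: the Sysmon field names, the Run/RunOnce key path, the drivers directory path, and every sample event. The country-code registry read and the SetThreadContext call get no rule here because Sysmon does not log registry value reads or thread-context changes; those two signatures are sandbox-only observations.

```python
"""
Added example, not from the sandbox report: Sysmon-style detection rules built
from the report's IOCs. Assumptions (the report does not state them):
  * field names follow Sysmon's schema (EventID, Image, Hashes, TargetObject,
    TargetFilename, DestinationHostname, DestinationPort);
  * the Run key is ...\\CurrentVersion\\Run or RunOnce;
  * "Drivers directory" means C:\\Windows\\System32\\drivers;
  * SAMPLE_EVENTS is constructed sample data, not output of the sandbox run.
"""
import re
from typing import Callable, Dict, List, Optional, Tuple

# IOCs taken verbatim from the report (hash list and Malware Config).
SAMPLE_MD5 = "28f5866df9a9d5621ff80fe55201e045"
SAMPLE_SHA256 = "f2486e0219cd1587a7b554b5aa4b958d10b59071ce5b9da818eb9b38e0b0637e"
EXFIL_HOST = "mail.clipjoint.co.nz"
EXFIL_PORT = 587

Event = Dict[str, object]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)      # assumed path
DRIVERS_DIR_RE = re.compile(r"^C:\\Windows\\System32\\drivers\\", re.IGNORECASE)  # assumed path
HASH_FIELD_RE = re.compile(r"(MD5|SHA256)=([0-9A-Fa-f]+)")  # Sysmon "Hashes" field format


def rule_known_sample(ev: Event) -> Optional[str]:
    """Sysmon EID 1 (process create) whose Hashes field matches the sample."""
    if ev.get("EventID") != 1:
        return None
    hashes = {k.upper(): v.lower() for k, v in HASH_FIELD_RE.findall(str(ev.get("Hashes", "")))}
    if hashes.get("MD5") == SAMPLE_MD5 or hashes.get("SHA256") == SAMPLE_SHA256:
        return "known_sample_executed"
    return None


def rule_persistence_run_key(ev: Event) -> Optional[str]:
    """Sysmon EID 13 (registry value set) under a Run/RunOnce key."""
    if ev.get("EventID") == 13 and RUN_KEY_RE.search(str(ev.get("TargetObject", ""))):
        return "persistence_run_key"
    return None


def rule_drivers_dir_drop(ev: Event) -> Optional[str]:
    """Sysmon EID 11 (file create) inside the (assumed) drivers directory."""
    if ev.get("EventID") == 11 and DRIVERS_DIR_RE.match(str(ev.get("TargetFilename", ""))):
        return "file_dropped_in_drivers_dir"
    return None


def rule_smtp_exfil(ev: Event) -> Optional[str]:
    """Sysmon EID 3 (network connect) to the extracted SMTP host and port."""
    if (ev.get("EventID") == 3
            and str(ev.get("DestinationHostname", "")).lower() == EXFIL_HOST
            and int(ev.get("DestinationPort", 0)) == EXFIL_PORT):
        return "smtp_exfil_to_c2"
    return None


RULES: List[Callable[[Event], Optional[str]]] = [
    rule_known_sample, rule_persistence_run_key, rule_drivers_dir_drop, rule_smtp_exfil,
]


def evaluate(events) -> List[Tuple[str, Event]]:
    """Run every rule over every event; return (rule name, event) hits in event order."""
    hits: List[Tuple[str, Event]] = []
    for ev in events:
        for rule in RULES:
            name = rule(ev)
            if name:
                hits.append((name, ev))
    return hits


def summarize(events) -> Dict[str, int]:
    """Count hits per rule name."""
    counts: Dict[str, int] = {}
    for name, _ in evaluate(events):
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample events (not sandbox output); the last two are benign noise.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "Hashes": f"MD5={SAMPLE_MD5},SHA256={SAMPLE_SHA256}"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SOA",
     "Details": r"C:\Users\victim\AppData\Roaming\SOA.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\dropped.tmp"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "DestinationHostname": "mail.clipjoint.co.nz", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for name, ev in evaluate(SAMPLE_EVENTS):
        print(f"{name:28s} EID {ev['EventID']} {ev['Image']}")
```

Run it as a script to see the four hits from the constructed events; the two benign events (a browser TLS connection and an Explorer setting) produce nothing. The SMTP rule matches on hostname, so it only fires where the DNS-resolved name is logged; on a sensor that records only destination IPs, pivot on the port plus the process name instead.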