General
Target: SOA.rar
Size: 711KB
Sample: 221206-t1tw6adh38
MD5: 127505eed24351c9c5934de2c7c71c9a
SHA1: 8a7c95a82e09ad69503f2fdcaed7dcab39bf394f
SHA256: 4f00780dfee13c7d9c227516bc28631d0e6570695f944e2e1cbe6ffd3fdc07e6
SHA512: d6e2bc3823f544b9036b53f218c6a9f361d7bd46f455c1f447c15f46a07f8a0d78e151d5e65ed445d4f3c34ccc4ae8fd6bd472550cd0ff45c8191fd5e1419170
SSDEEP: 12288:CzAABcLKINiTOSW8sMWYluNFRTm0p2ysWZmTfzy1E1bD/qyic0buzuSgCJNDn3ng:u2KIFF8HdURKsAFTfzL/qyidWzDn3nQT
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.karthikagro.in
Port: 587
Username: [email protected] (mailbox address masked in the extracted page)
Password: Yenks@0910
Targets
Target: SOA.exe
Size: 823KB
MD5: f640aac019a1e4d4c2087787a183ce9e
SHA1: 61e6ffda193221c646528fe23b6934b35967755f
SHA256: b83277e8c7164257c1077c18eb894209d211d79b0032ad50230553c5b7a1e411
SHA512: 062a338acff66bd608c0e274baa6c697d48bda9b0e13c1e0bbcd47a3c56cda14ab5cd10d540003b350c0cc5a8b5469402ed061e4061a8ae2f8ffaa048ee225f8
SSDEEP: 24576:SzW8WrwhcvcfdY4disSYnRsquUoWPfr6ZcT:jx4disSARPGWPfrJ
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer written in Visual Basic; this build exfiltrates over SMTP using the credentials in the extracted config above.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.

Accesses Microsoft Outlook profiles
Stored mail-client credentials are among the data Agent Tesla harvests.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Calling SetThreadContext on another process's thread is the characteristic last step of process hollowing: the entry point of a suspended process is redirected to an injected payload before the process is resumed.
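Added example (not part of the Triage report, nor code from the sample's authors): it turns the extracted config and the hashes above into two checks an analyst would actually run, a hash match over a file and a detection over network-connection log lines, because Agent Tesla mails stolen credentials out over SMTP from the compromised process itself. The hashes, C2 host and port are copied from the report; the Sysmon-style log lines, the file bytes and the mail-client allow-list are constructed for the demo, and the field-label parser is my own handling of the "Field: value" layout, including the " - "-joined form the text extraction produced.

```python
"""Hash-IOC match and SMTP-exfil detection built from the Triage report above.
Added example; hashes/host/port copied from the report, everything else constructed."""
import hashlib
import os
import re

# Indicators copied from the report (SOA.rar and SOA.exe).
IOCS = {
    "md5": {"127505eed24351c9c5934de2c7c71c9a", "f640aac019a1e4d4c2087787a183ce9e"},
    "sha256": {
        "4f00780dfee13c7d9c227516bc28631d0e6570695f944e2e1cbe6ffd3fdc07e6",
        "b83277e8c7164257c1077c18eb894209d211d79b0032ad50230553c5b7a1e411",
    },
}

# The extracted config as the text extraction ran it together (copied from the report;
# the username is masked in the page, so it stays masked here).
CONFIG_TEXT = """Protocol: smtp- Host:
mail.karthikagro.in - Port:
587 - Username:
[email protected] - Password:
Yenks@0910"""

FIELDS = ("Protocol", "Host", "Port", "Username", "Password")


def parse_agenttesla_config(block: str) -> dict:
    """Split the 'Field: value' pairs whether they sit one per line or are
    run together with ' - ' separators. Keys are lower-cased; port is an int."""
    text = " ".join(block.split())
    labels = "|".join(FIELDS)
    cfg = {}
    # Cut the string just before every "Field:" label, swallowing any " - " glue.
    for part in re.split(r"\s*-?\s*(?=(?:%s):)" % labels, text):
        if ":" not in part:
            continue
        key, _, value = part.partition(":")
        cfg[key.strip().lower()] = value.strip()
    cfg["port"] = int(cfg["port"])
    return cfg


def hash_matches(data: bytes, iocs: dict = IOCS) -> list:
    """Return the algorithms (sorted) for which `data` hashes to a listed IOC."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(algo for algo, hexd in digests.items() if hexd in iocs.get(algo, ()))


# Constructed Sysmon Event ID 3 (network connection) style lines for the demo.
SAMPLE_EVENTS = [
    r"Image=C:\Users\victim\AppData\Local\Temp\SOA.exe DestinationHostname=mail.karthikagro.in DestinationPort=587",
    r"Image=C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE DestinationHostname=smtp.office365.com DestinationPort=587",
    r"Image=C:\Windows\System32\svchost.exe DestinationHostname=ctldl.windowsupdate.com DestinationPort=80",
]
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # assumed allow-list; tune per estate
SMTP_PORTS = {25, 465, 587}


def parse_event(line: str) -> dict:
    """key=value pairs where values may contain spaces (paths), so a value runs
    until the next ' Key=' token or end of line."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", line))


def flag_smtp_exfil(events, cfg: dict, mail_clients=MAIL_CLIENTS) -> list:
    """Flag (image, reasons) for connections to the extracted C2 host and for
    SMTP-port connections from anything that is not a known mail client."""
    hits = []
    for line in events:
        ev = parse_event(line)
        image = os.path.basename(ev.get("Image", "").replace("\\", "/")).lower()
        reasons = []
        if ev.get("DestinationHostname", "").lower() == cfg["host"].lower():
            reasons.append("c2-host")
        if int(ev.get("DestinationPort", 0)) in SMTP_PORTS and image not in mail_clients:
            reasons.append("smtp-from-non-mail-client")
        if reasons:
            hits.append((image, reasons))
    return hits


if __name__ == "__main__":
    cfg = parse_agenttesla_config(CONFIG_TEXT)
    print("C2:", cfg["host"], cfg["port"])
    print("hits:", flag_smtp_exfil(SAMPLE_EVENTS, cfg))
```

The second rule is the one worth keeping after this sample is gone: the C2 mailbox will change, but a non-mail-client process talking to port 587 is a stable behavioural tell for the SMTP variant of Agent Tesla.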