General
- Target: SOA.exe
- Size: 907KB
- Sample: 221208-apgmxage98
- MD5: 99ded55f618740a2d0d01d058bbefeb8
- SHA1: 80286ab408cc08343d073d440e2024627b65d327
- SHA256: 916d30f29bbbbbbf9cd02ee4c66d611750d1a0aafa7b3f364b35e46216ae90a3
- SHA512: 1e02c63919993f30e3d02321cb9d7c29e5d794fa03b7c2c26c75945e1fa14a7dbd5a31a3cb4ce8b79ce317798c3549ca0fa8b64163bdc5a954bb5da6a501c0ee
- SSDEEP: 24576:OH1tAKI2ODxwg5+R9sKGUSDbacRbq/4nb90FK9y:2tpXO7e9U3DdA4R
Static task: static1
Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.karthikagro.in
- Port: 587
- Username: gopi@karthikagro.in
- Password: Yenks@0910
Targets
- Target: SOA.exe
- Size: 907KB
- MD5: 99ded55f618740a2d0d01d058bbefeb8
- SHA1: 80286ab408cc08343d073d440e2024627b65d327
- SHA256: 916d30f29bbbbbbf9cd02ee4c66d611750d1a0aafa7b3f364b35e46216ae90a3
- SHA512: 1e02c63919993f30e3d02321cb9d7c29e5d794fa03b7c2c26c75945e1fa14a7dbd5a31a3cb4ce8b79ce317798c3549ca0fa8b64163bdc5a954bb5da6a501c0ee
- SSDEEP: 24576:OH1tAKI2ODxwg5+R9sKGUSDbacRbq/4nb90FK9y:2tpXO7e9U3DdA4R
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext