General
- Target: SOA.exe
- Size: 1.0MB
- Sample: 221208-qmsv6aab48
- MD5: 1ef6b427350035123f4377766dfbe5fb
- SHA1: 398bf16effefabbb813377493e1c67410d042d7e
- SHA256: 2b9b066e3049207623a9b58439eedeb0c226895e8a37431fb65ab15fc168636e
- SHA512: 0513069a8f5753cca5f50618b2acc20869431fd26a9fae7f5160055ecf9101959e727578b8bb39a7284fd9ba26e52d071af2a215bc3651811e77437bda6e54c0
- SSDEEP: 24576:IVSdbAKIvPTgKat+Uf0Xy8mxJf/IKTpHDvRjK76:IVSRp803Im/4Epl
Static task: static1

Behavioral task: behavioral1
- Sample: SOA.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: SOA.exe
- Resource: win10v2004-20220812-en
Malware Config
- Extracted (agenttesla): https://api.telegram.org/bot5962712783:AAFVWYP7zptQlynX_9COtuxYcx3Dl7EnfUQ/
Targets
- Target: SOA.exe
- Size: 1.0MB
- MD5: 1ef6b427350035123f4377766dfbe5fb
- SHA1: 398bf16effefabbb813377493e1c67410d042d7e
- SHA256: 2b9b066e3049207623a9b58439eedeb0c226895e8a37431fb65ab15fc168636e
- SHA512: 0513069a8f5753cca5f50618b2acc20869431fd26a9fae7f5160055ecf9101959e727578b8bb39a7284fd9ba26e52d071af2a215bc3651811e77437bda6e54c0
- SSDEEP: 24576:IVSdbAKIvPTgKat+Uf0Xy8mxJf/IKTpHDvRjK76:IVSRp803Im/4Epl
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext