General

Target: SOA.exe
Size: 773KB
Sample: 230206-trqs5saa6y
MD5: 3ebc264726e016753005e6e66aa27c99
SHA1: d88902ab95a265cbe2c5820728d76a308ed074b5
SHA256: 82fa2e380616334eee0b0c78688cc1101dc693d2d8a241ab0c2abc731d9a2210
SHA512: adc09b0c7648ef397c02b9669c4064772090cdfe0d598185569091baa58d9586f3b494abca09728e35345d540cf44b3abf079b5baea927bfdb9b40cb43196617
SSDEEP: 12288:PLJPAfjgWW6ks8x7Rb8OP+wmk7uhLITsLDY49kTX6LcXnyXx6q16ahRZ5Gcg:RAUeZ8tQJd9k76L1NMS5GZ
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v2004-20221111-en)
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: mail.abaexlogistics.com
Port: 587
Username: operations@abaexlogistics.com
Password: Op3r@2021!
Email To: ericsales878@gmail.com

This is the sample's exfiltration channel: stolen data is sent over authenticated SMTP submission (port 587) through the compromised abaexlogistics.com mailbox to the recipient address above. The host, port and recipient are the network indicators to block and hunt for; the mailbox owner should be notified that its credentials are in use by malware.
Targets

Target: SOA.exe
Size: 773KB
MD5: 3ebc264726e016753005e6e66aa27c99
SHA1: d88902ab95a265cbe2c5820728d76a308ed074b5
SHA256: 82fa2e380616334eee0b0c78688cc1101dc693d2d8a241ab0c2abc731d9a2210
SHA512: adc09b0c7648ef397c02b9669c4064772090cdfe0d598185569091baa58d9586f3b494abca09728e35345d540cf44b3abf079b5baea927bfdb9b40cb43196617
SSDEEP: 12288:PLJPAfjgWW6ks8x7Rb8OP+wmk7uhLITsLDY49kTX6LcXnyXx6q16ahRZ5Gcg:RAUeZ8tQJd9k76L1NMS5GZ
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer written in Visual Basic (.NET).

Checks computer location settings
Looks up the country code configured in the registry, most likely as a geofence so the sample does not run in certain regions.

Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, a common source of stored mail credentials for this family.

Adds Run key to start application
Persistence: the sample registers itself under the Run registry key so it is started at logon.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which is typically included in the exfiltrated report.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is characteristic of process hollowing and similar injection techniques, so the in-memory payload may run in a process other than SOA.exe.
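The report's extracted SMTP configuration and the behavioural signatures above translate directly into host and network detections. The following is an added example, not part of the sandbox report and not the analysis platform's own code: it matches those indicators against Sysmon-style events. The exfiltration host and port are taken from the Malware Config section; the event field names assume Sysmon's schema (EventID 1 process create, 3 network connect, 13 registry value set, 22 DNS query); the IP-lookup domain list, the "mail client" allowlist and the parent-equals-child hollowing heuristic are assumptions, since the report does not name the lookup service and Sysmon cannot observe SetThreadContext directly; the sample events are constructed for the demo rather than taken from the sandbox run.

```python
"""Triage detections for the Agent Tesla indicators in this report (added example)."""
from dataclasses import dataclass

# From the report's "Malware Config" section.
EXFIL_HOST = "mail.abaexlogistics.com"
EXFIL_PORT = 587

# Assumption: the report only says "a legitimate IP lookup service"; these are
# common ones and should be tuned to what the environment actually sees.
IP_LOOKUP_DOMAINS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com", "checkip.amazonaws.com",
}

# Assumption: processes from which SMTP submission (587) is expected.
KNOWN_MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")

RUN_KEY_MARKER = "\\currentversion\\run\\"


@dataclass(frozen=True)
class Hit:
    rule: str
    event_id: int
    detail: str


def check_event(evt: dict) -> list:
    """Return every rule that fires for a single Sysmon-style event dict."""
    hits = []
    eid = evt.get("EventID")
    image = evt.get("Image", "").lower()

    # "Adds Run key to start application": value set under ...\CurrentVersion\Run\
    if eid == 13 and RUN_KEY_MARKER in evt.get("TargetObject", "").lower():
        hits.append(Hit("run_key_persistence", eid, evt["TargetObject"]))

    # "Looks up external IP address via web service": DNS query for a lookup service.
    if eid == 22 and evt.get("QueryName", "").lower() in IP_LOOKUP_DOMAINS:
        hits.append(Hit("external_ip_lookup", eid, evt["QueryName"]))

    # Exfiltration: SMTP submission to the exact host/port from the extracted config
    # (high confidence), or to any host on 587 from a non-mail-client process (weak).
    if eid == 3:
        host = evt.get("DestinationHostname", "").lower()
        port = evt.get("DestinationPort")
        if host == EXFIL_HOST and port == EXFIL_PORT:
            hits.append(Hit("smtp_exfil_to_config_host", eid, f"{host}:{port}"))
        elif port == EXFIL_PORT and not image.endswith(KNOWN_MAIL_CLIENTS):
            hits.append(Hit("smtp_submission_from_unexpected_process", eid,
                            f"{image} -> {host}:{port}"))

    # "Suspicious use of SetThreadContext": the API call itself is invisible to
    # Sysmon; hollowing commonly appears as the sample spawning a copy of itself.
    # Assumption: parent image == child image is used as a weak heuristic only.
    if eid == 1 and image and image == evt.get("ParentImage", "").lower():
        hits.append(Hit("self_spawn_possible_hollowing", eid, image))

    return hits


def scan(events) -> list:
    """Run check_event over an iterable of events and flatten the hits."""
    return [h for evt in events for h in check_event(evt)]


def rules_fired(events) -> set:
    """Set of distinct rule names that fired, for a quick triage verdict."""
    return {h.rule for h in scan(events)}


# Constructed sample events (not from the report's sandbox run).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Desktop\SOA.exe",
     "ParentImage": r"C:\Users\victim\Desktop\SOA.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\Desktop\SOA.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\SOA"},
    {"EventID": 22, "Image": r"C:\Users\victim\Desktop\SOA.exe",
     "QueryName": "api.ipify.org"},
    {"EventID": 3, "Image": r"C:\Users\victim\Desktop\SOA.exe",
     "DestinationHostname": "mail.abaexlogistics.com", "DestinationPort": 587},
    # Benign control: a real mail client submitting on 587 must not fire.
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit.rule}] event {hit.event_id}: {hit.detail}")
```

Only the `smtp_exfil_to_config_host` rule is specific to this sample; the others are generic Agent Tesla behaviours and will also fire on unrelated software (installers write Run keys, update agents query IP services), so treat them as corroborating signals rather than standalone alerts. Against the constructed events the four sample-originated rules fire and the Outlook control produces nothing.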