General
-
Target
02f0bae423a3d66f64f141d395736d0c1a43d7a7a2104792c23d9dfcee88362f
-
Size
746KB
-
Sample
231204-j7hglahh2t
-
MD5
36020775c4d9eb557d3191ca458884c3
-
SHA1
a98e47e94cf687e47f271da567e9c9410bbc5400
-
SHA256
02f0bae423a3d66f64f141d395736d0c1a43d7a7a2104792c23d9dfcee88362f
-
SHA512
50deae0a04d724e616e5d9507645953fd75326eb3b9037b2071634badce3fe1931c6e35a30312c2cc3910627011d8c662304d8eae937e0e1294b2d2d664e9ea2
-
SSDEEP
12288:MbdPOWjXPQJh9vclPRdbR6gA48jryqCBe9P4J/7hkY6v8BzdsrRM131tqR:edPnQJnvcVRegEnyBe9M1Ov8Bzds213m
Static task
static1
Behavioral task
behavioral1
Sample
SOA.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
SOA.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
premium184.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
^HPUm$4%eL~b - Email To:
[email protected]
Targets
-
-
Target
SOA.exe
-
Size
976KB
-
MD5
0fbb91e3f74248db21952223a4734622
-
SHA1
77b8ecdb5d3bba59ef78feefd81e296bcd142321
-
SHA256
ee869247ca9d4e73c21db2ae314bf66049b0398deaf00a475a89b08030e69c14
-
SHA512
dadf88a45dfffe65208ff2833fd90c0115ad902e445b3f6d96cc461a176ecaad8696d8fc43081e05228e720f76575790b1f53b5239e6561ee5b92b629b6d7d23
-
SSDEEP
24576:qgO34/+Z+pJn5moA+ig6DiBydmLOBLF5SB:qgO38fJn5HA+2i8dmaVFa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-