General

  • Target

    SOA.exe

  • Size

    1.1MB

  • Sample

    240606-s7nhaagb2x

  • MD5

    d78f068c7ee6b269428e03e62f6c55a2

  • SHA1

    af2bb266fce49374845566159301ee6583b11129

  • SHA256

    4ef10e7296fb6c5df039a4b95147b1cb4482bdbee0a097863fe345b295302cc9

  • SHA512

    c5fb45464a94fec8dc7c13c2bb863526a4a13df182cbc6740ba6f52bd685107fc849240e8d6859a970748c063a587f41fb5004c5be9fbdadcec7f6a813acf269

  • SSDEEP

    24576:IAHnh+eWsN3skA4RV1Hom2KXMmHaXExQu/4wf7oUn5:Ph+ZkldoPK8YaXE7/5fMA

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot5786264459:AAFiRqFtUxpuUuFFLRisUX4PeZ4dtd8Y-8A/

The C2 is a Telegram Bot API endpoint; the bot token (the numeric bot ID and the secret after the colon) is embedded in the sample, so stolen data is posted over HTTPS to api.telegram.org rather than to attacker-owned infrastructure. IP or domain reputation will not flag this traffic; detection has to key on the URL path (/bot<id>:<secret>/) and on which process makes the request.

Targets

    • Target

      SOA.exe


    • AgentTesla

Agent Tesla is a .NET-based information stealer and remote access tool (RAT), originally written in Visual Basic .NET; it harvests credentials and keystrokes and exfiltrates them over SMTP, FTP, or, as in this sample, the Telegram Bot API.

    • Looks up external IP address via web service

Uses a legitimate IP lookup service to discover the infected host's public IP address, which the stealer typically includes in the exfiltrated report to identify the victim.

    • Suspicious use of SetThreadContext

      SetThreadContext is called to redirect the execution of a thread in another process, a step characteristic of process hollowing and similar injection techniques: the payload is written into a suspended process and its entry point is repointed before the thread is resumed.
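The two network behaviours listed above, an external-IP lookup followed by traffic to the Telegram Bot API, can be matched in web-proxy logs. The following Python is an added example and not part of the sandbox report: the log format, the process names other than SOA.exe, and the list of IP-lookup hosts are assumptions for illustration; the Telegram URL is the C2 extracted from this sample.

```python
"""Detect AgentTesla-style exfiltration in web-proxy logs (added example).

Two rules: (1) any request to a public IP-lookup service, (2) any request to
the Telegram Bot API. When the same process does (1) and then (2) within a
short window, the finding is escalated to high severity.
"""
import re
from datetime import datetime, timedelta

# Telegram Bot API path: /bot<bot_id>:<secret>/<method>
TELEGRAM_BOT_RE = re.compile(
    r"(?P<scheme>https?)://api\.telegram\.org/bot(?P<bot_id>\d+):"
    r"(?P<secret>[A-Za-z0-9_-]{30,})(?:/(?P<method>\w+))?"
)
HOST_RE = re.compile(r"https?://([^/:\s]+)")

# Public IP-lookup services commonly contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "ip-api.com",
    "icanhazip.com", "ifconfig.me",
}

# Constructed proxy log lines: "<ISO time> <process> <method> <url>".
# The bot token on the third line is the C2 from the report; the fourth
# line is a made-up token for an unrelated (benign) Telegram client.
SAMPLE_LOG = "\n".join([
    "2024-06-06T15:01:02Z chrome.exe GET https://www.example.com/",
    "2024-06-06T15:02:10Z SOA.exe GET http://checkip.dyndns.org/",
    "2024-06-06T15:02:11Z SOA.exe POST https://api.telegram.org/"
    "bot5786264459:AAFiRqFtUxpuUuFFLRisUX4PeZ4dtd8Y-8A/sendDocument",
    "2024-06-06T15:40:00Z telegram-bot.exe POST https://api.telegram.org/"
    "bot1234567890:AAH" + "x" * 32 + "/getUpdates",
])


def parse_line(line):
    """Split one log line into its four fields."""
    ts, proc, method, url = line.split(maxsplit=3)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "proc": proc, "method": method, "url": url}


def classify(event):
    """Tag a single event as ip_lookup / telegram_bot_api, or None."""
    m = TELEGRAM_BOT_RE.search(event["url"])
    if m:
        return ("telegram_bot_api", m.group("bot_id"), m.group("method"))
    h = HOST_RE.match(event["url"])
    if h and h.group(1).lower() in IP_LOOKUP_HOSTS:
        return ("ip_lookup", h.group(1).lower(), None)
    return None


def redact_token(url):
    """Mask the bot secret for reporting; keep the bot ID, which is not sensitive."""
    def _mask(m):
        tail = f"/{m.group('method')}" if m.group("method") else ""
        return f"{m.group('scheme')}://api.telegram.org/bot{m.group('bot_id')}:<REDACTED>{tail}"
    return TELEGRAM_BOT_RE.sub(_mask, url)


def detect(log_text, window=timedelta(minutes=5)):
    """Run both rules over the log and correlate them per process."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    findings = []
    last_lookup = {}  # process name -> time of its most recent IP lookup
    for ev in events:
        tag = classify(ev)
        if tag is None:
            continue
        kind, value, method = tag
        if kind == "ip_lookup":
            last_lookup[ev["proc"]] = ev["ts"]
            findings.append({"severity": "low", "proc": ev["proc"],
                             "rule": "external_ip_lookup", "indicator": value})
            continue
        severity, rule = "medium", "telegram_bot_api_traffic"
        seen = last_lookup.get(ev["proc"])
        if seen is not None and ev["ts"] - seen <= window:
            severity, rule = "high", "ip_lookup_then_telegram_exfil"
        findings.append({"severity": severity, "proc": ev["proc"], "rule": rule,
                         "indicator": f"bot_id={value}", "method": method,
                         "url": redact_token(ev["url"])})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

The correlation window is deliberately short: the lookup and the first exfil request happen seconds apart in this behaviour, and widening the window mostly adds noise from legitimate Telegram clients. The bot ID survives redaction on purpose, since it is what you report to Telegram to get the bot disabled.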
