General

  • Target

    SOA.exe

  • Size

    1.2MB

  • Sample

    240625-rm5qdsvdka

  • MD5

    72b07b83df4c35ec7fef59605e9297a1

  • SHA1

    c214eab74679618104e23d0110e4c9457b1de63e

  • SHA256

    2cd4a1b5a6970f10245111eed4113323d391b1fe221f01fa11ad0d9695b82ea8

  • SHA512

    dab469196dcd028942ccf039a7e4c5f1715314565d0c89c33bce59e70e41866c131fed8f00f37eb081475a4138a729eba17ddd18fa04e6166e967a31f18af3c5

  • SSDEEP

    24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa0+6nnjqKoeptiuX15jcyboA5:nh+ZkldoPK8YaijqKoeptv15nbL

Malware Config

Extracted

Family

agenttesla

Credentials

Targets

    • Target

      SOA.exe

    • Size

      1.2MB

    • MD5

      72b07b83df4c35ec7fef59605e9297a1

    • SHA1

      c214eab74679618104e23d0110e4c9457b1de63e

    • SHA256

      2cd4a1b5a6970f10245111eed4113323d391b1fe221f01fa11ad0d9695b82ea8

    • SHA512

      dab469196dcd028942ccf039a7e4c5f1715314565d0c89c33bce59e70e41866c131fed8f00f37eb081475a4138a729eba17ddd18fa04e6166e967a31f18af3c5

    • SSDEEP

      24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa0+6nnjqKoeptiuX15jcyboA5:nh+ZkldoPK8YaijqKoeptv15nbL

    • AgentTesla

Agent Tesla is a .NET remote access tool (RAT) and credential stealer, written in Visual Basic .NET.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer; malware uses it for process hollowing and thread hijacking to run a payload inside a legitimate process.
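The hashes above are the indicators most practitioners will actually consume from this report. The following added example (not part of the sandbox report or of any vendor tooling) streams a file through MD5, SHA1, SHA256 and SHA512 in one pass and compares the result against the values listed for SOA.exe; the file path is a hypothetical command-line argument, and the SSDEEP value is not compared because fuzzy hashing needs a third-party library.

```python
"""Check a file against the hash IOCs listed in this report.

Added example, not part of the sandbox report.  The digests in IOC_HASHES
are the ones listed on the page for SOA.exe; the file path is a hypothetical
command-line argument.  SSDEEP is not compared because fuzzy hashing needs
a third-party library (python-ssdeep).
"""
import hashlib
import sys

# IOCs copied from the report above (lowercase hex).
IOC_HASHES = {
    "md5": "72b07b83df4c35ec7fef59605e9297a1",
    "sha1": "c214eab74679618104e23d0110e4c9457b1de63e",
    "sha256": "2cd4a1b5a6970f10245111eed4113323d391b1fe221f01fa11ad0d9695b82ea8",
    "sha512": "dab469196dcd028942ccf039a7e4c5f1715314565d0c89c33bce59e70e41866c"
              "131fed8f00f37eb081475a4138a729eba17ddd18fa04e6166e967a31f18af3c5",
}


def digest_bytes(data: bytes) -> dict:
    """Return all four digests of an in-memory buffer, keyed like IOC_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hash objects (1 MiB chunks)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = IOC_HASHES) -> dict:
    """Per-algorithm match flags.  Comparison is case-insensitive because
    threat feeds mix upper- and lower-case hex."""
    return {
        name: digests.get(name, "").lower() == value.lower()
        for name, value in iocs.items()
    }


def is_known_sample(digests: dict, iocs: dict = IOC_HASHES) -> bool:
    """True only if every listed hash matches.  A partial match (say MD5 but
    not SHA256) usually means a mistyped or stale IOC and deserves a look
    rather than an automatic verdict."""
    return all(match_iocs(digests, iocs).values())


if __name__ == "__main__":
    for path in sys.argv[1:]:
        d = digest_file(path)
        verdict = "MATCHES report sample" if is_known_sample(d) else "no match"
        print(f"{path}: {verdict} {match_iocs(d)}")
```

Run it as `python check_iocs.py SOA.exe` on a quarantined copy; the per-algorithm flags are printed alongside the verdict so that a feed entry with one wrong digest is visible instead of silently failing.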

MITRE ATT&CK Matrix

Tasks