General
- Target: SOA.exe
- Size: 1.2MB
- Sample: 240625-rm5qdsvdka
- MD5: 72b07b83df4c35ec7fef59605e9297a1
- SHA1: c214eab74679618104e23d0110e4c9457b1de63e
- SHA256: 2cd4a1b5a6970f10245111eed4113323d391b1fe221f01fa11ad0d9695b82ea8
- SHA512: dab469196dcd028942ccf039a7e4c5f1715314565d0c89c33bce59e70e41866c131fed8f00f37eb081475a4138a729eba17ddd18fa04e6166e967a31f18af3c5
- SSDEEP: 24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa0+6nnjqKoeptiuX15jcyboA5:nh+ZkldoPK8YaijqKoeptv15nbL
Static task
- static1
Behavioral task
- behavioral1
  Sample: SOA.exe
  Resource: win7-20240508-en
Behavioral task
- behavioral2
  Sample: SOA.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mahesh-ent.com
- Port: 587
- Username: [email protected]
- Password: M@hesh3981
- Email To: [email protected]
Targets
- Target: SOA.exe
- Size: 1.2MB
- MD5: 72b07b83df4c35ec7fef59605e9297a1
- SHA1: c214eab74679618104e23d0110e4c9457b1de63e
- SHA256: 2cd4a1b5a6970f10245111eed4113323d391b1fe221f01fa11ad0d9695b82ea8
- SHA512: dab469196dcd028942ccf039a7e4c5f1715314565d0c89c33bce59e70e41866c131fed8f00f37eb081475a4138a729eba17ddd18fa04e6166e967a31f18af3c5
- SSDEEP: 24576:wAHnh+eWsN3skA4RV1Hom2KXMmHa0+6nnjqKoeptiuX15jcyboA5:nh+ZkldoPK8YaijqKoeptv15nbL
Score: 10/10
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext