General
- Target: SOA.exe
- Size: 1.2MB
- Sample: 210122-nhhlzzlnsx
- MD5: e5abb827d35873d229a1e77788fe322e
- SHA1: f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4
- SHA256: fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d
- SHA512: f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b
Tasks
- Static task: static1
- Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7v20201028)
- Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v20201028)
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: paola.micheli@copangroup.xyz
- Password: gibson.1990
Targets
- Target: SOA.exe
- Size: 1.2MB
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Signatures
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext