General

  • Target

    SOA.exe

  • Size

    1.2MB

  • Sample

    210122-nhhlzzlnsx

  • MD5

    e5abb827d35873d229a1e77788fe322e

  • SHA1

    f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4

  • SHA256

    fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d

  • SHA512

    f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b

Malware Config

Extracted

Family

agenttesla

Credentials (SMTP exfiltration account embedded in the sample: AgentTesla in SMTP mode mails harvested data to this mailbox, so these are attacker-controlled credentials, not victim credentials)

  • Protocol:
    smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587 (mail submission port; the session normally upgrades to STARTTLS, so the exfiltrated content is encrypted on the wire but the DNS lookup and the connection itself remain visible)
  • Username:
    paola.micheli@copangroup.xyz
  • Password:
    gibson.1990

Targets

    • Target

      SOA.exe

    • Size

      1.2MB

    • MD5

      e5abb827d35873d229a1e77788fe322e

    • SHA1

      f3803cc39c30ff2b9d79ec714e7a0d8d1baefdf4

    • SHA256

      fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d

    • SHA512

      f67249d97b5cc41b29582d4894cae79265a7396b7473cdcc49d6a475bb48f0feaa99f3a27fd7a5266b1e3d438be14fe7341546ec3500426db018756fa34b672b

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
    Registry Run Keys / Startup Folder (T1060, 1 signature)
  • Defense Evasion
    Modify Registry (T1112, 1 signature)

T1060 is the ATT&CK v6 identifier; in current ATT&CK versions the same behaviour is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder). T1112 is unchanged.
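The following is an added example and not part of the sandbox report: it turns the indicators this page exposes (the sample SHA256 from the General section, the AgentTesla SMTP exfiltration endpoint from the extracted config, and the Run-key persistence behind the T1060/T1112 signatures) into a matcher over Sysmon-style event dicts. The events are constructed for the example and follow the field names of Sysmon Event IDs 1, 3 and 13; they are not records from the sandbox run. The `MAIL_CLIENTS` allowlist and the `smtp_from_non_mail_client` rule are assumptions added here to catch the same family when the operator changes the mail host.

```python
import re

# Indicators copied from the report above.
SAMPLE_SHA256 = "fd9b51a831b2bebf0dbb8729527ebcfc32c927e0b6f9911b31bf29dfaf181d0d"
EXFIL_HOST = "us2.smtp.mailhostbox.com"
EXFIL_PORT = 587
SMTP_PORTS = {25, 465, 587}

# Assumption for the example: binaries legitimately allowed to speak SMTP.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}

# Matches HKLM/HKU ...\CurrentVersion\Run and RunOnce value paths (T1060 / T1547.001).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)


def check_event(ev):
    """Return [(rule_name, detail), ...] for one Sysmon-style event dict."""
    hits = []
    image = ev.get("Image", "")
    exe = image.rsplit("\\", 1)[-1].lower()
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the SHA256 Sysmon logged for the image
        if ev.get("SHA256", "").lower() == SAMPLE_SHA256:
            hits.append(("known_sample_hash", image))
    elif eid == 3:  # network connection
        host = ev.get("DestinationHostname", "").lower().rstrip(".")
        port = ev.get("DestinationPort")
        if host == EXFIL_HOST and port == EXFIL_PORT:
            hits.append(("agenttesla_smtp_exfil", f"{image} -> {host}:{port}"))
        elif port in SMTP_PORTS and exe not in MAIL_CLIENTS:
            # Generic, weaker rule: SMTP submission from a process that is not a
            # mail client. Catches re-pointed configs of the same family.
            hits.append(("smtp_from_non_mail_client", f"{image} -> {host}:{port}"))
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("run_key_persistence", f"{image} wrote {target}"))
    return hits


def scan(events):
    """Aggregate findings across events as {rule_name: [detail, ...]}."""
    findings = {}
    for ev in events:
        for rule, detail in check_event(ev):
            findings.setdefault(rule, []).append(detail)
    return findings


# Constructed events (shape follows Sysmon IDs 1/3/13; invented for the example).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "SHA256": SAMPLE_SHA256.upper()},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\SOA"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "DestinationHostname": "us2.smtp.mailhostbox.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\SOA.exe",
     "DestinationHostname": "example.com", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, details in scan(SAMPLE_EVENTS).items():
        print(rule, details)
```

The hash rule only fires on this exact build, so it is the least durable of the three; the exfil-host rule survives repacking of the binary but not a config change, and the Run-key and non-mail-client SMTP rules are the ones worth keeping after this sample is dead.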

Tasks