General
Target: 42092859-4 SOA Docs.exe
Size: 720KB
Sample: 210927-xvef3ahhb6
MD5: 81b92680fb33ddfaccae09031e1888f2
SHA1: 880a7e88ca219c5361ddfbad786bfeea9bb6b6fa
SHA256: ccfec983bc3c78598d2fed9861fde7a3c75ec512ab8642f132b30dbb9e516eac
SHA512: 9527c1a0f356229d163328499f62654b6cc93c0d03f75ad4ffe95b3f1fd4655a035c9c11486fbdf010386adcdeab85275572ea6b2e6d05d38cb6b4c82c3b5960
Static task: static1
Behavioral task: behavioral1
  Sample: 42092859-4 SOA Docs.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 42092859-4 SOA Docs.exe
  Resource: win10v20210408
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.sautiyapwanifm.com
Port: 587
Username: Manii@sautiyapwanifm.com
Password: Mullardodo@#
Targets
Target: 42092859-4 SOA Docs.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Adds Run key to start application
- Suspicious use of SetThreadContext