General
Target: SecuriteInfo.com.Trojan.Siggen9.47097.1482.12593
Size: 479KB
Sample: 201109-g86rlbde96
MD5: 65e9b0b079f9a157dc0b069705b4c9b4
SHA1: df3672e10800f9b3b418042c21b7379e32789862
SHA256: 2435735bff63b11f82baaafe0737904c936b420f5145d01609a0a0d8c8ce70c9
SHA512: ca5ce6fb878587407a2bf3b4956d05cf21cf24f3cea66a73a37daa362c2f2e5fdfecaf9b7b8610d0c7284642bced56036c28a7f2f16ccabfdbc27e845bba6185
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Siggen9.47097.1482.12593.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: SecuriteInfo.com.Trojan.Siggen9.47097.1482.12593.exe
Resource: win10v20201028
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.newvenna121llc.com
Port: 587
Username: info@newvenna121llc.com
Password: fardin09123405057
Targets
Target: SecuriteInfo.com.Trojan.Siggen9.47097.1482.12593
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Suspicious use of SetThreadContext