General
-
Target
SecuriteInfo.com.Trojan.Siggen13.10233.30629.5748
-
Size
34KB
-
Sample
210420-53alga1n4n
-
MD5
0389d0b86a7342d646fc52945033e0c3
-
SHA1
6d1fa84447923f045673c8510269cc8679332322
-
SHA256
2a39871fcfc1b15b312efc820839f57a21288c09be793ca1ddaf41d821ce3c01
-
SHA512
5575d21a2a44d1b56fee70bade21c5e9bf0bab620afacc660f02c7f3980af538bb7164c1a845db47010b3e66adb51d9e03aa9f469b638d580e42e5cc371b6208
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.Siggen13.10233.30629.5748.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Trojan.Siggen13.10233.30629.5748.exe
Resource
win10v20210410
Malware Config
Extracted
agenttesla
Protocol
smtp
-
Host
mail.orienttech.com.qa
-
Port
587
-
Username
sales@orienttech.com.qa
-
Password
Op{^fLb9gN[!
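The hashes and the extracted SMTP settings above are the actionable part of this report. The following is an added example (not code from the report or from Triage) that turns them into two checks: a hash match for files on disk and a scan of egress log lines for the exfiltration channel. The `key=value` log format, the host names, process paths and timestamps in the sample lines are constructed for the example.

```python
"""Added example, not part of the Triage report: the report's file hashes and
the extracted AgentTesla SMTP exfiltration settings turned into two checks, a
hash match for files on disk and a scan of egress log lines for the
exfiltration channel. The log lines and their key=value format are constructed."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "0389d0b86a7342d646fc52945033e0c3",
    "sha1": "6d1fa84447923f045673c8510269cc8679332322",
    "sha256": "2a39871fcfc1b15b312efc820839f57a21288c09be793ca1ddaf41d821ce3c01",
    "sha512": "5575d21a2a44d1b56fee70bade21c5e9bf0bab620afacc660f02c7f3980af538bb7164c1a845db47010b3e66adb51d9e03aa9f469b638d580e42e5cc371b6208",
}
EXFIL_HOST = "mail.orienttech.com.qa"
EXFIL_PORT = 587
EXFIL_USER = "sales@orienttech.com.qa"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: Path) -> Dict[str, str]:
    """Same digests as hash_bytes, but streamed so large files are not read at once."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matched_hashes(digests: Dict[str, str]) -> Set[str]:
    """Algorithms whose digest equals the report's. Any one is a hit; sha256 alone
    is sufficient, md5 and sha1 are kept because many feeds still publish them."""
    return {name for name, value in digests.items() if value == SAMPLE_HASHES.get(name)}


# Egress-proxy / mail-gateway lines in a hypothetical key=value format;
# values containing spaces are double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> Dict[str, str]:
    fields = {}
    for m in KV_RE.finditer(line):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def exfil_indicators(line: str) -> List[str]:
    """Which parts of the extracted config a log line matches."""
    f = parse_line(line)
    host, _, port = f.get("dst", "").rpartition(":")
    hits = []
    if host.lower() == EXFIL_HOST:
        hits.append("exfil host")
        if port == str(EXFIL_PORT):
            hits.append("exfil port")
    if f.get("auth_user", "").lower() == EXFIL_USER:
        hits.append("exfil mailbox")
    return hits


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """(line index, matched indicators) for every line that touches the channel."""
    results = []
    for i, line in enumerate(lines):
        hits = exfil_indicators(line)
        if hits:
            results.append((i, hits))
    return results


LOG_LINES = [  # constructed for this example; hosts, paths and times are hypothetical
    r'ts=2021-04-20T05:03:11Z host=WS-0417 proc="C:\Users\alice\AppData\Roaming\stub.exe" '
    r'dst=mail.orienttech.com.qa:587 proto=smtp auth_user=sales@orienttech.com.qa',
    r'ts=2021-04-20T05:04:00Z host=WS-0211 proc="C:\Program Files\Microsoft Office\OUTLOOK.EXE" '
    r'dst=smtp.office365.com:587 proto=smtp auth_user=bob@example.com',
    r'ts=2021-04-20T05:05:42Z host=WS-0417 proc="C:\Windows\System32\svchost.exe" '
    r'dst=mail.orienttech.com.qa:443 proto=tls auth_user=-',
]

if __name__ == "__main__":
    for i, hits in scan(LOG_LINES):
        print(f"line {i}: {', '.join(hits)}")
    for p in sys.argv[1:]:
        print(p, matched_hashes(hash_file(Path(p))) or "no match")
```

The third constructed line shows why the host is matched separately from the port: a hit on the host alone is still worth a look. Treat the mailbox and the mail server as indicators to alert on, not as proof that the domain owner is the attacker; AgentTesla operators routinely exfiltrate through a legitimate third-party mailbox whose credentials they obtained elsewhere. Do not authenticate to the mailbox with the recovered password.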
Targets
-
Target
SecuriteInfo.com.Trojan.Siggen13.10233.30629.5748
-
Size
34KB
-
MD5
0389d0b86a7342d646fc52945033e0c3
-
SHA1
6d1fa84447923f045673c8510269cc8679332322
-
SHA256
2a39871fcfc1b15b312efc820839f57a21288c09be793ca1ddaf41d821ce3c01
-
SHA512
5575d21a2a44d1b56fee70bade21c5e9bf0bab620afacc660f02c7f3980af538bb7164c1a845db47010b3e66adb51d9e03aa9f469b638d580e42e5cc371b6208
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials, keystrokes and clipboard contents and sends them to the operator over SMTP, FTP or HTTP, which is why the configuration extracted from this sample is a set of SMTP credentials.
-
AgentTesla Payload
-
Adds Run key to start application (persistence: a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run makes the program start at every logon)
-
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the ThreadHideFromDebugger information class stops the thread from reporting debug events to an attached debugger)
-
Suspicious use of SetThreadContext (rewrites another thread's register state to redirect its execution; the usual final step of process hollowing and similar injection)
-
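The "Adds Run key" signature is the most useful of the three for host-side detection, because the write is visible in telemetry that most fleets already collect. The following is an added example, not code from the report or from Triage, that assesses Sysmon-style registry events (Event ID 13, RegistryEvent Value Set) and flags Run-key writes whose target or author lives in a user-writable directory. The events, paths, value names and SID are constructed for the example.

```python
"""Added example, not part of the report: a detector for the "Adds Run key"
behaviour above, run over constructed Sysmon-style registry events
(Event ID 13, RegistryEvent Value Set). Event contents are hypothetical."""
import re
from typing import Dict, List, Optional

# Registry paths that start a program at logon; the trailing component is the value name.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
# Locations a standard user can write to. Persistence pointing here is the
# pattern of malware that copies itself out of the download location.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\",
    re.IGNORECASE,
)


def is_run_key(target: str) -> bool:
    return RUN_KEY_RE.search(target) is not None


def executable_from_details(details: str) -> str:
    """Pull the program path out of a Run value ('"C:\\x.exe" /arg' or 'C:\\x.exe')."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]  # unquoted paths containing spaces are cut here


def assess(event: Dict) -> Optional[Dict]:
    """Return a finding for a Run-key write, None for any other event."""
    if event.get("EventID") != 13 or not is_run_key(event.get("TargetObject", "")):
        return None
    exe = executable_from_details(event.get("Details", ""))
    writer = event.get("Image", "")
    reasons: List[str] = []
    if USER_WRITABLE_RE.search(exe):
        reasons.append("run value points into a user-writable directory")
    if USER_WRITABLE_RE.search(writer):
        reasons.append("written by a process running from a user-writable directory")
    if exe and exe.lower() == writer.lower():
        reasons.append("process registered itself for autostart")
    return {
        "target": event["TargetObject"],
        "exe": exe,
        "writer": writer,
        "severity": "high" if reasons else "low",
        "reasons": reasons,
    }


def findings(events: List[Dict]) -> List[Dict]:
    return [f for f in (assess(e) for e in events) if f is not None]


# Constructed events using Sysmon's field names; paths, names and the SID are hypothetical.
EVENTS = [
    {   # a copy in %AppData% registering itself: what stealer persistence looks like
        "EventID": 13,
        "Image": r"C:\Users\alice\AppData\Roaming\mbRdNQ\mbRdNQ.exe",
        "TargetObject": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001\Software\Microsoft\Windows\CurrentVersion\Run\mbRdNQ",
        "Details": r"C:\Users\alice\AppData\Roaming\mbRdNQ\mbRdNQ.exe",
    },
    {   # an installer in Program Files registering an updater: ordinary, low severity
        "EventID": 13,
        "Image": r"C:\Program Files\ExampleVendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
        "Details": r'"C:\Program Files\ExampleVendor\updater.exe" --background',
    },
    {   # a registry write somewhere else: ignored
        "EventID": 13,
        "Image": r"C:\Windows\regedit.exe",
        "TargetObject": r"HKLM\SOFTWARE\ExampleVendor\Settings\Theme",
        "Details": "dark",
    },
    {   # a process-creation event: ignored
        "EventID": 1,
        "Image": r"C:\Windows\System32\cmd.exe",
    },
]

if __name__ == "__main__":
    for f in findings(EVENTS):
        print(f["severity"].upper(), f["target"], "->", f["exe"], *f["reasons"], sep="\n  ")
```

Sysmon reports HKCU writes under `HKU\<SID>\...`, which is why the pattern anchors on the `\Software\Microsoft\...` suffix rather than on the hive name. The two API-level signatures above (hiding from the debugger, SetThreadContext) do not show up in registry or process-creation telemetry; they need an EDR with API or ETW instrumentation, or a sandbox run like the one this report records.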