General
-
Target
8d27b3abd4deefc22f25185095ae7718b2eb52ba563d68cc687b49f216820a16
-
Size
514KB
-
Sample
220521-aftwwaabf7
-
MD5
1bca6f9ba38960040adb64ce6a653b9c
-
SHA1
db2f9c7911c642adc1aa40e108a9657503e4ea42
-
SHA256
8d27b3abd4deefc22f25185095ae7718b2eb52ba563d68cc687b49f216820a16
-
SHA512
402a94c8e577fc848f5266475010b8c7139329714540a114441e7b40a91e2cece24fdffb882b2daa853d67b6658d8126d020dacbdbf719e050cc480887b44722
Static task
static1
Behavioral task
behavioral1
Sample
SUL-MR-MS-0005 Silo.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
SUL-MR-MS-0005 Silo.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.sinantombul.com
Port: 587
Username: [email protected]
Password: ZF@6R2?&kZh!
Targets
-
-
Target
SUL-MR-MS-0005 Silo.exe
-
Size
655KB
-
MD5
3b5943fa64cdcc61fbbc7c610264f21f
-
SHA1
cca33abddbbe28dbd21908e506cea109632e0c79
-
SHA256
595326dac30807128a4e02eba50b7b26797f836796852f75dc6bbd32e955f5e0
-
SHA512
5f059b69f3335f3d1c3ab84f2ab2c67315ad4ff971e7b740fa7163fa89f26e43dce80ac0e94314dd1597b6f43ab62cc3d6bbe32887ec520a4684c959d777d6c9
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
AgentTesla Payload
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-