General
Target
https://cdn.discordapp.com/attachments/1214411655383875604/1215068975407566878/StealLoaderSIAL.exe?ex=661717aa&is=6604a2aa&hm=e21db82344a37817df0aa90ac250d31ee4a49790b8feda81de2414febab6c293&
Sample
240330-cdm2naee9t
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://cdn.discordapp.com/attachments/1214411655383875604/1215068975407566878/StealLoaderSIAL.exe?ex=661717aa&is=6604a2aa&hm=e21db82344a37817df0aa90ac250d31ee4a49790b8feda81de2414febab6c293&
Resource
win10-20240221-en
Malware Config
Targets
Target
https://cdn.discordapp.com/attachments/1214411655383875604/1215068975407566878/StealLoaderSIAL.exe?ex=661717aa&is=6604a2aa&hm=e21db82344a37817df0aa90ac250d31ee4a49790b8feda81de2414febab6c293&
Score
10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
AgentTesla payload
Downloads MZ/PE file
Executes dropped EXE
Suspicious use of NtSetInformationThreadHideFromDebugger
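The target is a signed Discord CDN attachment link, and the link itself carries indicators worth pulling out before it expires: the channel and attachment IDs in the path are Discord Snowflakes (upper 42 bits are milliseconds since the Discord epoch, 2015-01-01 UTC), and the query string carries is (issued-at, hex UNIX seconds), ex (expiry, hex UNIX seconds) and hm (Discord's HMAC over the link, which cannot be verified without Discord's key). The following script is an added example, not part of the Triage report or its tooling; it decodes those fields from the report's own URL so an analyst can see when the file was uploaded and how long the download link stays live. The helper names (decode_discord_cdn_url, snowflake_to_datetime, link_is_live) are this example's own.

```python
"""Decode IOC fields embedded in a signed Discord CDN attachment link.

Added example (not part of the sandbox report).  Assumptions, all about the
Discord URL format rather than this sample: the path is
attachments/<channel_id>/<attachment_id>/<filename>, IDs are Snowflakes, and
``is``/``ex`` are hex UNIX timestamps.  ``hm`` is Discord's HMAC and is only
carried through, never checked, because the signing key is not ours.
"""
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qs, urlsplit

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z

# The target URL taken verbatim from the report above.
TARGET_URL = (
    "https://cdn.discordapp.com/attachments/1214411655383875604/"
    "1215068975407566878/StealLoaderSIAL.exe"
    "?ex=661717aa&is=6604a2aa"
    "&hm=e21db82344a37817df0aa90ac250d31ee4a49790b8feda81de2414febab6c293&"
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Upper 42 bits of a Discord Snowflake are milliseconds since the Discord epoch."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def decode_discord_cdn_url(url: str) -> dict:
    """Return upload time, channel creation time and link validity window for a CDN link."""
    parts = urlsplit(url)
    if parts.netloc != "cdn.discordapp.com":
        raise ValueError("not a Discord CDN link: %s" % parts.netloc)
    segments = parts.path.strip("/").split("/")
    if len(segments) != 4 or segments[0] != "attachments":
        raise ValueError("unexpected path layout: %s" % parts.path)
    channel_id, attachment_id, filename = int(segments[1]), int(segments[2]), segments[3]

    # parse_qs drops the empty trailing field produced by the dangling '&'.
    qs = parse_qs(parts.query)
    issued = int(qs["is"][0], 16)
    expires = int(qs["ex"][0], 16)
    return {
        "filename": filename,
        "channel_created": snowflake_to_datetime(channel_id),
        "uploaded": snowflake_to_datetime(attachment_id),
        "issued": datetime.fromtimestamp(issued, tz=timezone.utc),
        "expires": datetime.fromtimestamp(expires, tz=timezone.utc),
        "link_lifetime_days": (expires - issued) / 86400,
        "hmac": qs["hm"][0],
    }


def link_is_live(url: str, now: Optional[datetime] = None) -> bool:
    """True if the CDN would still serve the link at ``now`` (validity window only; HMAC not checked)."""
    info = decode_discord_cdn_url(url)
    now = now or datetime.now(timezone.utc)
    return info["issued"] <= now < info["expires"]


if __name__ == "__main__":
    for key, value in decode_discord_cdn_url(TARGET_URL).items():
        print("%18s: %s" % (key, value))
    print("link currently live: %s" % link_is_live(TARGET_URL))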