General
-
Target
SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe
-
Size
708KB
-
Sample
240523-at2tmseg71
-
MD5
1fdc4210c29446f1358360b7df89eb3e
-
SHA1
feabe794bd8654ceaa0d2a2588b252fed6cae378
-
SHA256
8ef4d6591309fbe5f7998a82ea2db9db9c502293abf51fe37e37d860b2977d7c
-
SHA512
4f30ad8c74e270d7cc88f3de29fd9a2530a378b07cd5efce7867e19e007472f89da0b6a1fcc97871f4b3e16d65513369b6c34f6e4144983afcebfe35965e337a
-
SSDEEP
12288:QuoS1Rnqm/L+toFP3ke8cfDynok2l19jjk9CTe13c:HT1Rqm/kol3Kn619k+
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe
Resource
win7-20231129-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sslout.de - Port:
587 - Username:
[email protected] - Password:
dataset123 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.PowerShell.Siggen.2046.5121.22247.exe
-
Size
708KB
-
MD5
1fdc4210c29446f1358360b7df89eb3e
-
SHA1
feabe794bd8654ceaa0d2a2588b252fed6cae378
-
SHA256
8ef4d6591309fbe5f7998a82ea2db9db9c502293abf51fe37e37d860b2977d7c
-
SHA512
4f30ad8c74e270d7cc88f3de29fd9a2530a378b07cd5efce7867e19e007472f89da0b6a1fcc97871f4b3e16d65513369b6c34f6e4144983afcebfe35965e337a
-
SSDEEP
12288:QuoS1Rnqm/L+toFP3ke8cfDynok2l19jjk9CTe13c:HT1Rqm/kol3Kn619k+
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-