General
Target: PO210322114527_HURMET CIKOLATA SEKERLEME GIDA SAN TIC LTD STI.exe
Size: 276KB
Sample: 210408-5ywzmt46v2
MD5: ea1a31948e07ee79361c9bc1ee8b176d
SHA1: ea8c3f08a9a72e7794c30464154ea3a32eec6511
SHA256: 29e326042a99756d5a810aaa91765bd660a8aee4e792c3a1e4d1c8742829c83b
SHA512: 0ecd91a36dc302c58398a86901ee33826f8a4dee8c99356d68dd9622840bd3979bae11ab92bab25327f0498b029a15adf7c1ac4586545ea52f707697a4a59338
Static task: static1
Behavioral task: behavioral1 (Sample: PO210322114527_HURMET CIKOLATA SEKERLEME GIDA SAN TIC LTD STI.exe; Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PO210322114527_HURMET CIKOLATA SEKERLEME GIDA SAN TIC LTD STI.exe; Resource: win10v20201028)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: penny@mbalikova.com
Password: Gc7BuDF8@F
Targets
Target: PO210322114527_HURMET CIKOLATA SEKERLEME GIDA SAN TIC LTD STI.exe (276KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Suspicious use of SetThreadContext