General
-
Target
Halkbank.exe
-
Size
847KB
-
Sample
210423-aet98fgdx2
-
MD5
2c68eca81ac03f1877bdcc6140893046
-
SHA1
2be88a2102e51dec6441f68d0f1a16b8fe5400f9
-
SHA256
512294ae476d17262a6fb911548683e8cacc6d30fd8bb9eea1e7c78412e51e35
-
SHA512
85e6d10c0e56215980ee9b002d918e5db85054bef4bf444602a4c9c0877098e4f6e2042ed5855add79bbe50a39c383c4084209955f113238d35dda40adcccd53
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Halkbank.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ugurlumakina.com.tr - Port:
587 - Username:
ugurlumakina@ugurlumakina.com.tr - Password:
uGUR54257!
Targets
-
-
Target
Halkbank.exe
-
Size
847KB
-
MD5
2c68eca81ac03f1877bdcc6140893046
-
SHA1
2be88a2102e51dec6441f68d0f1a16b8fe5400f9
-
SHA256
512294ae476d17262a6fb911548683e8cacc6d30fd8bb9eea1e7c78412e51e35
-
SHA512
85e6d10c0e56215980ee9b002d918e5db85054bef4bf444602a4c9c0877098e4f6e2042ed5855add79bbe50a39c383c4084209955f113238d35dda40adcccd53
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-