General
-
Target
_Halkbank.z
-
Size
616KB
-
Sample
210423-n9d78n4cf6
-
MD5
d554a9f8ed8d6d76e7e656e326c2a0f2
-
SHA1
933431e1f59270f3ae7a7abcd03ac173cdfaf35b
-
SHA256
5b380a0aa6d0ac13ced83ccc5a622c9ec2f5fa131e52007d7a2aaef5bdb54aca
-
SHA512
b54beb34070e40bd42f06e2d46139d5e39a561ff401f382b9d86a17e37466694594063ffcd5add54028c91cf8c3d61edb49e1cda8020ca3131f09305b1808ffe
Static task
static1
Behavioral task
behavioral1
Sample
Halkbank.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
Halkbank.exe
Resource
win10v20210408
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ugurlumakina.com.tr - Port:
587 - Username:
ugurlumakina@ugurlumakina.com.tr - Password:
uGUR54257!
Targets
-
-
Target
Halkbank.exe
-
Size
847KB
-
MD5
2c68eca81ac03f1877bdcc6140893046
-
SHA1
2be88a2102e51dec6441f68d0f1a16b8fe5400f9
-
SHA256
512294ae476d17262a6fb911548683e8cacc6d30fd8bb9eea1e7c78412e51e35
-
SHA512
85e6d10c0e56215980ee9b002d918e5db85054bef4bf444602a4c9c0877098e4f6e2042ed5855add79bbe50a39c383c4084209955f113238d35dda40adcccd53
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla Payload
-
Suspicious use of SetThreadContext
-