General
Target: Ödeme kopyası.exe
Size: 436KB
Sample: 211020-m8lgeshhar
MD5: eac421737ef2cf033f7399607f34d946
SHA1: c6e9b4c0763232456442a64ed2ceaf2d23507a38
SHA256: 9a95d7fb967f170e7ab4a627dd7d6a3434f459af5920677fe9ee302751cad91f
SHA512: 1d5cc4a66c0dfcde58e700335f55ea9d4a01baa8114a8d8aec500dda3945bee6b4a5f7beccdac05bfdfd9120277c9d16a8820176a8294bace8259e9f078e547e
Static task: static1
Behavioral task: behavioral1
Sample: Ödeme kopyası.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: Ödeme kopyası.exe
Resource: win10-en-20210920
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.tccinfaes.com
Port: 587
Username: [email protected]
Password: TccBps1427log
Targets
Target: Ödeme kopyası.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext