General
Target: BALS.exe
Size: 747KB
Sample: 211025-g68ahsgfcj
MD5: 69e1838654bb9947925628e85751e075
SHA1: eec82ad70a06524980fa504aae5dbf641117fe93
SHA256: 7e523a5a38f98b6a6cd3c6682699844e21d415b56ae625a1f74c914df034e06f
SHA512: 159414d1071d169f10180f0177507c4512b57321c015dba440f86b7ef9e7cbe3300181e231d1373d254c8a18108c021af2e00fd972da39c46393b8d374628d8f
Static task: static1
Behavioral task: behavioral1
Sample: BALS.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: BALS.exe
Resource: win10-en-20210920
Malware Config
Extracted
Family: agenttesla
Protocol: smtp
Host: mail.diniesturkiye.com
Port: 587
Username: [email protected]
Password: Orhan2018
Targets
Target: BALS.exe
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

AgentTesla Payload

Suspicious use of SetThreadContext