General
- Target: Halkbank.exe
- Size: 604KB
- Sample: 211125-vn5cssfhgp
- MD5: 4b230a305cc22a04446b397310070d56
- SHA1: 208524b096c579b89579febff0b40f752b4e7db4
- SHA256: a22ca2c5d6086e8c6703deb2e345efc08627e7063c447d60babe6edb17503856
- SHA512: c0dcfea90b46ef91463d6ff272e0febd9ee5615bad9f84993458bde3f9f7983fe025747b7a6e306b31884bc57f10040b965d4578900138721b519dcd37da4f95
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Halkbank.exe
  - Resource: win7-en-20211104

Behavioral task
- behavioral2
  - Sample: Halkbank.exe
  - Resource: win10-en-20211014
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.devmetsan.com.tr
- Port: 587
- Username: info@devmetsan.com.tr
- Password: Murat2019*
Targets
- Target: Halkbank.exe
- Size: 604KB
- MD5: 4b230a305cc22a04446b397310070d56
- SHA1: 208524b096c579b89579febff0b40f752b4e7db4
- SHA256: a22ca2c5d6086e8c6703deb2e345efc08627e7063c447d60babe6edb17503856
- SHA512: c0dcfea90b46ef91463d6ff272e0febd9ee5615bad9f84993458bde3f9f7983fe025747b7a6e306b31884bc57f10040b965d4578900138721b519dcd37da4f95
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Drops file in Drivers directory
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext