General
Target: f376148ceea08eaaf57866340775144c7c89240e67aabf6d64e37c318a6f8044
Size: 892KB
Sample: 220520-3kmmkshaf5
MD5: a0d26f3ad429710dd3c201f9741fd665
SHA1: eb5676cd7c962525f63b6549fad9fb460515563b
SHA256: f376148ceea08eaaf57866340775144c7c89240e67aabf6d64e37c318a6f8044
SHA512: 0322b20e287e0dc1d8e1ea9759dd9b6c387e0c8da7f7821b03231c553636155f2bb9aae529a49f129c446dfb52be9ff5d03f8e4149ebcb0a73e251a0646d71b9
Static task: static1

Behavioral task: behavioral1
  Sample: IMG008062020.exe
  Resource: win7-20220414-en

Behavioral task: behavioral2
  Sample: IMG008062020.exe
  Resource: win10v2004-20220414-en

Behavioral task: behavioral3
  Sample: IMG0080620201.exe
  Resource: win7-20220414-en

Behavioral task: behavioral4
  Sample: IMG0080620201.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.eldivan.bel.tr
  Port: 587
  Username: [email protected]
  Password: Eldivan2014??
Targets

Target: IMG008062020.bat
Size: 548KB
MD5: c6b1209cba142c72b1743deaa1fe3cbf
SHA1: 26acfef0ed6e29526aa18a9e66c7d6487ab50208
SHA256: 32a3ecf1c16bf5ed5732d42a01d2a631ef1f802762b711b2997b7743bdee310a
SHA512: d167ea6e378adb326e30fb52aadb5018536bf9883cd6a76901dabcd56cc013a0e83467779708a53c5dcb1ac48d91abb000b350833b808dfc5aa3f11d401b0e3f

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext
Target: IMG0080620201.bat
Size: 576KB
MD5: 08a5d1b27ef68b61df107657532dcb1c
SHA1: a36ec6a8cedc3746f4d0ace9270fe5c18187c394
SHA256: 5c62ead706024044b2d4a717661966e22c37154d5698f8a597cea022922de88c
SHA512: 642fb8bac596e31a04e36184df64965dc49145375eebde69c2de4812d9dda3ed44b977af2af0617c3b65190efd73d07370a53e9ec3f4ddee5d9904410e8aa79d

Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- AgentTesla Payload
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext