General
Target: d81e7da4ac57ac10df28aa44098a16daa02ab180987247de6abc663215a6e604
Size: 388KB
Sample: 220521-cgr5saghel
MD5: 996f03cd5e12be88a95732363abea8f1
SHA1: 999e6c1da5791b710a673d369856a9ee6136593f
SHA256: d81e7da4ac57ac10df28aa44098a16daa02ab180987247de6abc663215a6e604
SHA512: ca3bab4058e9de4c370622ac2d8ca3f0f697c631b49a997b3807a8f8d694c8e3fee52471946a31873833950e083d7d4c09b7a5aa6375f821d7f72ff59468f554
Static task: static1
Behavioral task: behavioral1 (sample: Akbank Hesap Özetiniz.exe; resource: win7-20220414-en)
Behavioral task: behavioral2 (sample: Akbank Hesap Özetiniz.exe; resource: win10v2004-20220414-en)
Malware Config
Extracted (agenttesla; the report lists this configuration twice with identical values)
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: off1ce.box@yandex.com
Password: kroskofile
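The extracted configuration is the part of this report that turns directly into detection: the sample exfiltrates over SMTP submission to smtp.yandex.com:587 using a mailbox whose credentials are embedded in the binary. The following is an added example, not part of the sandbox report and not Agent Tesla code, that parses the report's config line into structured indicators and runs them over constructed Sysmon Event ID 3-style connection records. The records, the process names in them, and the list of "legitimate" mail clients are assumptions made for the demo.

```python
"""Turn the extracted Agent Tesla SMTP configuration into host-based detection logic.

Added example; it is not part of the sandbox report and not Agent Tesla code. The config
line is the report's own, joined into one string. The Sysmon Event ID 3-style connection
records are constructed for the demo, and the process names in them are illustrative.
"""
import re

# The configuration exactly as the report prints it, flattened onto one line.
EXTRACTED_CONFIG = (
    "Protocol: smtp- Host: smtp.yandex.com - Port: 587 - "
    "Username: off1ce.box@yandex.com - Password: kroskofile"
)

# Constructed network-connection records (Sysmon Event ID 3 field names, made-up values).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationHostname": "smtp.office365.com", "DestinationPort": 587},
    {"Image": r"C:\Users\user\AppData\Local\Temp\Akbank Hesap Ozetiniz.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 587},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
     "DestinationHostname": "SMTP.YANDEX.COM", "DestinationPort": 587},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "DestinationHostname": "smtp.yandex.com", "DestinationPort": 443},
]

# Key/value pairs separated by " - " (the report prints "smtp-" with no space before the dash).
FIELD_RE = re.compile(r"(Protocol|Host|Port|Username|Password):\s*(\S+?)\s*(?:-|$)")


def parse_config(text):
    """Parse the report's 'Key: value - Key: value' layout into a dict; port becomes an int."""
    cfg = {k.lower(): v for k, v in FIELD_RE.findall(text)}
    cfg["port"] = int(cfg["port"])
    return cfg


def smtp_exfil_indicators(cfg):
    """Indicators usable for blocking or hunting: the SMTP endpoint and the drop mailbox."""
    return {
        "smtp_endpoint": f"{cfg['host']}:{cfg['port']}",
        "exfil_mailbox": cfg["username"],
        # The credentials ship inside the sample, so the mailbox is attacker-controlled;
        # report it to the provider for takedown rather than logging in to it.
        "report_for_takedown": True,
    }


# Processes expected to submit mail from a workstation. Assumption made for the example.
LEGIT_MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


def match_events(cfg, events):
    """Flag every connection to the configured host and port. Any process talking to the
    attacker's mailbox server is worth a look; a non-mail-client process is high severity."""
    hits = []
    for ev in events:
        if (ev["DestinationHostname"].lower() != cfg["host"].lower()
                or ev["DestinationPort"] != cfg["port"]):
            continue
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        hits.append({
            "image": image,
            "severity": "medium" if image in LEGIT_MAIL_CLIENTS else "high",
            "rule": f"agenttesla_smtp_exfil_{cfg['host']}",
        })
    return hits


if __name__ == "__main__":
    config = parse_config(EXTRACTED_CONFIG)
    print(smtp_exfil_indicators(config))
    for hit in match_events(config, SAMPLE_EVENTS):
        print(hit)
```

Matching on hostname and port alone is deliberately broad: a workstation has little reason to talk to a consumer SMTP submission port, and the extracted credentials tie that endpoint to this campaign. The hostname comparison is case-insensitive because Sysmon records whatever the resolver returned.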
Targets
Target: Akbank Hesap Özetiniz.exe (Turkish: "Your Akbank Account Statement"; Akbank is a Turkish bank, so the filename is the phishing lure)
Size: 484KB
MD5: 3b8a94165d2603343953e2491617f5d6
SHA1: 7ba71a7d18927af204e086a8662a93df9e24ce46
SHA256: b36cdef1bf3b71c8edb27b1d2eabaa00b2df89f3a46bc9c727f4dbb6956fcddb
SHA512: 445557b0bad87c39ad63598b51e057ec86c67469ab83d46787dea5e66e0b84fcca313f44115e82a24918b533b00a9862c353ff315e5a17645319449dfdf076df
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic .NET.
CoreEntity .NET Packer
A .NET packer known as CoreEntity, which embeds the payload as a Bitmap object that is decrypted at runtime.
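The report says CoreEntity hides the payload as a Bitmap object and decrypts it later. What follows is an added example, not the packer's code and not from the report, of the carving step an analyst performs once the bitmap has been dumped: parse the BMP container, put the pixel rows back in logical order, undo the encryption, and locate the PE by its MZ/PE signatures. CoreEntity's real cipher is not stated in the report, so a single-byte XOR with a made-up key stands in for it; the bitmap, the key and the fake PE inside it are all constructed here.

```python
"""Carve a PE hidden in bitmap pixel data, the container technique the report attributes to
the CoreEntity packer.

Added example; not the packer's code and not from the report. The cipher CoreEntity uses is
not given in the report, so a single-byte XOR with a made-up key stands in for it. The
bitmap and the payload inside it are constructed here.
"""
import struct

ASSUMED_XOR_KEY = 0x5A  # hypothetical stand-in; a real sample needs the routine from the stub


def build_bitmap(pixel_payload, width):
    """Wrap raw bytes as a 24bpp bottom-up BMP so the carver has a realistic container to parse."""
    stride = (width * 3 + 3) & ~3                 # each row is padded to a 4-byte boundary
    height = -(-len(pixel_payload) // stride)     # ceiling division
    rows = [pixel_payload[r * stride:(r + 1) * stride].ljust(stride, b"\0")
            for r in range(height)]
    pixels = b"".join(reversed(rows))             # BMP stores the bottom row first
    offset = 14 + 40                              # BITMAPFILEHEADER + BITMAPINFOHEADER
    file_header = struct.pack("<2sIHHI", b"BM", offset + len(pixels), 0, 0, offset)
    info_header = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                              len(pixels), 0, 0, 0, 0)
    return file_header + info_header + pixels


def pixel_bytes(bmp):
    """Parse the two BMP headers and return the pixel data in top-down, logical order."""
    if bmp[:2] != b"BM":
        raise ValueError("not a BMP")
    offset = struct.unpack_from("<2sIHHI", bmp, 0)[4]
    _, width, height, _, bpp = struct.unpack_from("<IiiHH", bmp, 14)
    if bpp != 24:
        raise ValueError("only 24bpp handled here: %d" % bpp)
    stride = (width * 3 + 3) & ~3
    bottom_up = height > 0                        # a negative height means top-down storage
    height = abs(height)
    rows = [bmp[offset + r * stride: offset + (r + 1) * stride] for r in range(height)]
    if bottom_up:
        rows.reverse()
    return b"".join(rows)


def carve_pe(blob, key):
    """Apply the assumed XOR and return the data from the first MZ header whose e_lfanew
    points at a 'PE\\0\\0' signature, or None if no PE is present."""
    data = bytes(b ^ key for b in blob)
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + e_lfanew: pos + e_lfanew + 4] == b"PE\0\0":
                return data[pos:]
        pos = data.find(b"MZ", pos + 1)
    return None


def fake_pe():
    """A DOS header plus PE signature and machine field; enough to be carved, not to load."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew: PE header right after the DOS header
    return bytes(dos) + b"PE\0\0" + b"\x4c\x01" + b"\0" * 100   # Machine = IMAGE_FILE_MACHINE_I386


def demo():
    """Hide a fake PE in a bitmap the way a packer would, then recover it."""
    payload = fake_pe()
    hidden = bytes(b ^ ASSUMED_XOR_KEY for b in b"\0" * 7 + payload)  # 7 bytes of junk first
    bmp = build_bitmap(hidden, width=4)
    carved = carve_pe(pixel_bytes(bmp), ASSUMED_XOR_KEY)
    return carved is not None and carved.startswith(payload)


if __name__ == "__main__":
    print("recovered payload:", demo())
```

On a real CoreEntity sample the bitmap comes out of the .NET resource section, and the decryption routine has to be read out of the stub that calls it; the XOR above only marks where that routine slots in. Row padding and bottom-up storage matter because a packer that reads pixels through the bitmap API sees logical order, while one that takes the raw stream sees file order, and carving the wrong order scrambles the payload.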
AgentTesla Payload
Accesses Microsoft Outlook profiles (Agent Tesla harvests credentials saved by mail clients)
Suspicious use of SetThreadContext (typical of process hollowing, where a suspended process's thread context is rewritten to run injected code)