General
Target: 7aa02d07edfd0c1a75eb3f05694c8fb0955fd4c654fa1a7a97f01e736a3cccb5
Size: 246KB
Sample: 220521-n5r1gahggp
MD5: 6a23fcee27c15c8a5e7f6225c20d76dd
SHA1: 9f018b2dd4a4a373d808b4a4c689160c66e551e6
SHA256: 7aa02d07edfd0c1a75eb3f05694c8fb0955fd4c654fa1a7a97f01e736a3cccb5
SHA512: 839a632991c8349ca690d2af3093fc1616db10e193b85647971ddc61dd91ce77b6bd3b4a06753eec059a50f64ab14a81060022cefabd261f773a5261df6a4511
Static task: static1
Behavioral task: behavioral1
  Sample: T. HALK BANKASI A.S.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: T. HALK BANKASI A.S.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.yandex.com
  Port: 587
  Username: [email protected]
  Password: Hunter$#@145722
Targets
Target: T. HALK BANKASI A.S.exe
Size: 569KB
MD5: 9a93aae886b13bfa86dade71e0b21846
SHA1: 9a4c8babb2b4e3b5292f2dc227fe25f8abc6b9a3
SHA256: d95da3b2e36df903e14aab07df9dfbc266028bd4d110d8607d10f06aa927cb75
SHA512: 11e1bb4c43b8557b3b13584e09bf28fda105f973ead881d5254c64edd8bfb950d91b1967de98362f758d72399f2d43d9805647b03360d6b4df06d9e9cc65e74e
Family: AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Signatures:
  AgentTesla Payload
  Executes dropped EXE
  Loads dropped DLL
  Accesses Microsoft Outlook profiles
  Suspicious use of SetThreadContext