General
-
Target
RE Shipment Docs.zip
-
Size
593KB
-
Sample
221002-np1mnsegap
-
MD5
b17cbcc53e0dfeac329602984422c25c
-
SHA1
fd18e14b857d39c5574192f60e1b6c55f8c48080
-
SHA256
4189c6d0a3e9df2b499fcb406392cedd451f741da89f831c74a1a7ce0db25169
-
SHA512
4220e8e6526235a204024505e189ca76064c66eb0875a7627a098a3fd5f6475282d022115144c532dbb46f2cf302ec19f6091f2329926728e322602f3f8248b6
-
SSDEEP
12288:cfOD9rVWmTvE9YBytbU3TFf0UQC9+1LbAtMqU0IM0mx7PGGSlq7+I9p:bd/MA+YDFf0UQC9+RbAj3IM0YLmg6I9p
Static task
static1
Behavioral task
behavioral1
Sample
boni.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
boni.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.eserkaynak.com.tr - Port:
587 - Username:
muharrem@eserkaynak.com.tr - Password:
063277+-
Targets
-
-
Target
boni.exe
-
Size
919KB
-
MD5
76f92fb8a9fe431d2521d9c4737a79e6
-
SHA1
f5fce0be88159c0bfb97abf0bedee0bcf2499a50
-
SHA256
89c6767c25e53fc20151a421134f1bda69d1106a7b827bc7de00dd895d96eda7
-
SHA512
00847f5c678eaa26cf6fdf98bc76f953a20bc7c6a62510f83bf46a8d8e19e079e82e5bfdf6f6e7187ef23272f621195694a50e1dba642218d919fa53b4a0d7aa
-
SSDEEP
12288://2iq2iN7A4S5sVUJ8BytbkZTFpcUQC9+1LfAtMqqejvqjJ5n41r2R2y+kGelsxC:Wiq1rsBc+AlFpcUQC9+RfAjDjCjr5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-