General
-
Target
nk696Ndw2kPFEvX.exe
-
Size
1.1MB
-
Sample
221002-nrp9qaeggj
-
MD5
21d3bf9ea8df95aeb5827b0a94389c92
-
SHA1
6fcbed73e5e03e8c59d8180d68e1585209e33c87
-
SHA256
c35a61b25b49b161c30a7d7dfed70a1a89ae5de7366ef59490946bbd81133b22
-
SHA512
77b01f76a5a483ad6636b210311b84cc321c50b859955627a578e7f1c041788116936ec023fa6c5f629da669d98cd4e27b13ff8f8bbb375633a9c3b48c591b43
-
SSDEEP
24576:/15jB6R2YqVMUbFfbh9Jj/oXVjzkRNW8mdHxW6:/3zYQxF6XBgm8kHA6
Static task
static1
Behavioral task
behavioral1
Sample
nk696Ndw2kPFEvX.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
nk696Ndw2kPFEvX.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
Protocol: smtp
Host: mail.ankaraklima.com.tr
Port: 587
Username: dilek@ankaraklima.com.tr
Password: Dilek060606.
Targets
-
Target
nk696Ndw2kPFEvX.exe
-
Size
1.1MB
-
MD5
21d3bf9ea8df95aeb5827b0a94389c92
-
SHA1
6fcbed73e5e03e8c59d8180d68e1585209e33c87
-
SHA256
c35a61b25b49b161c30a7d7dfed70a1a89ae5de7366ef59490946bbd81133b22
-
SHA512
77b01f76a5a483ad6636b210311b84cc321c50b859955627a578e7f1c041788116936ec023fa6c5f629da669d98cd4e27b13ff8f8bbb375633a9c3b48c591b43
-
SSDEEP
24576:/15jB6R2YqVMUbFfbh9Jj/oXVjzkRNW8mdHxW6:/3zYQxF6XBgm8kHA6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Drops file in Drivers directory
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext