General
Target: hesaphareketi-01.exe
Size: 603KB
Sample: 221128-jep1zafb86
MD5: 3f5b3f5334557bfc48730bbf463870d9
SHA1: 77fb7d822889dbc2f8a734fd69c8f30520879c38
SHA256: 4b9761bcf4390d621a51510551602140fa4127d33245712580bc377b872476c4
SHA512: 3f4dd68988413101edb51347e34f768eff194bac896061e4de8ebf8f321301414da7863e75b87d25305415ce34212d6ccfed09fb75170750341b62f963c33690
SSDEEP: 12288:9WO+kpbKbfMAmmbyuEcGAKhX3U+A/6dIyT5lMxeSHcXtmT9ftNsoEBy3u:9WqbKPyuEcG/pgCiyseV9m1Xos3u
Static task: static1
Behavioral task: behavioral1
Sample: hesaphareketi-01.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: hesaphareketi-01.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5798024834:AAGLHTcPdLDij7ehMoasiBZDz8oodefEy0E/
Targets
-
-
Target
hesaphareketi-01.exe
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-