Overview
overview
10Static
static
40a749e596...b0.zip
windows7-x64
140a749e596...b0.zip
windows10-2004-x64
140a749e596...b0.zip
windows7-x64
140a749e596...b0.zip
windows10-2004-x64
1Quotation.exe
windows7-x64
10Quotation.exe
windows10-2004-x64
10email-html-2.txt
windows7-x64
1email-html-2.txt
windows10-2004-x64
1email-plain-1.txt
windows7-x64
1email-plain-1.txt
windows10-2004-x64
1General
-
Target
guncel_ödeme.eml
-
Size
932KB
-
Sample
221129-lqnndsgc98
-
MD5
5e03ee399890904929ffd55f90aca72a
-
SHA1
507f3434ae23476eddfc8fce0d88f464e7f75806
-
SHA256
32c2cad343c9208f4a3fc3781f32211db3c89f76a290b4de6c6559f9393e18b1
-
SHA512
b3c1f9f99162ffba810c0198342a6dfbae6c8545ac79e03bd68c0a86b6d721730a411b0a354327cae275102c842e38ea6ce6751b5c66377ed19adaa936b0c9dd
-
SSDEEP
24576:kEDs60dhvTXM3JepjMlD0UJ0HFZRAI3bN5Nj:kEw/pvUKaI3hrj
Static task
static1
Behavioral task
behavioral1
Sample
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
Quotation.exe
Resource
win7-20220812-en
Behavioral task
behavioral6
Sample
Quotation.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
email-html-2.txt
Resource
win7-20220901-en
Behavioral task
behavioral8
Sample
email-html-2.txt
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
email-plain-1.txt
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
email-plain-1.txt
Resource
win10v2004-20220812-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.strictfacilityservices.com - Port:
587 - Username:
accounts@strictfacilityservices.com - Password:
SFS!@#321 - Email To:
guc850155@gmail.com
Targets
-
-
Target
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
-
Size
627KB
-
MD5
7547610b562f1dbb5a2ebb18886ec1e5
-
SHA1
f25b79109293d692269275b96d8e99430e633275
-
SHA256
a6200024b366cf24d2430797ac766a365487b1f8703695f2f07a888273b8ced4
-
SHA512
e62062eb3af1ce54ea4a92b519e71a2b660602febf78e136e295b49ffe405db964eff396c0a243bba6945ec0653eb8122406f545e3035d690241d2677c002b4e
-
SSDEEP
12288:QUn5LFm4fOJ/63L4kmvipyi5VXfLbWV3KYRYcgHSGjNZuyQAo:1nTm4fOJ/wL4kAi0gNyV3vRESAo
Score1/10 -
-
-
Target
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0.zip
-
Size
627KB
-
MD5
18318c04969b8093805c786ba7bb7b59
-
SHA1
feda3798b7113c365bd3a3d970987fd559092bd2
-
SHA256
40a749e596b281d72c57c18bf5d389d128e47c153244a7c8683d051214ac52b0
-
SHA512
703b4bd9767d47cf4fce719ecfe5cc066c0425a76b0fe5c1647fb241c187d74558db444a915839ad6422c76e655566825e28fdb080457ba4b0d90225f4dd97d8
-
SSDEEP
12288:aXFuld2ZE+5+2Ga3eL+605H0U6TNDrUwStW5TCvS+/giRHWUy2r:aXFod2ZD5+za3m0W7TxovMpCvh/9JT
Score1/10 -
-
-
Target
Quotation.exe
-
Size
789KB
-
MD5
72c17e8d702de79f794fe16787a61098
-
SHA1
18f51344f688db3979c55a6322f013269b4c308d
-
SHA256
4513951a7d2bdb62b062c790f0c259d9f5854497b6e5e8ed0369d22197d1e856
-
SHA512
09ca148f810649989cb89507848de48d55738f79bc301e4a7c8b2f3b52bc231b59aa79c15be126eb7c41a2d8801279792eb21a262b45e0503a8c93eca26fec43
-
SSDEEP
12288:OKdsCbFr5cE8LHWy/SEdRMA/LyzIPPPu6gtFNDzUwSzWbTgvS6/IiTHWcb:7ovLB9/LkInstFxQvCngv5/1db
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
-
-
Target
email-html-2.txt
-
Size
62KB
-
MD5
b62e3324061d60a6365ff79a0ec17d63
-
SHA1
56e2466cf22180aa72438e39d739a39761d2847d
-
SHA256
d818c560b5240d1fa0cb00f969f618ee52aa4044227a9a3a22a984de7ef10729
-
SHA512
9a40c4c09861b9107ad7351dfc4208dbce7ebf59606ed2c7559c195875444f6e0709a17905c77258f91bbcebd09fcd9891b5886440a701414909b0c136c3dc09
-
SSDEEP
768:kvz31YknSNk/ozNrW/J5Hektuk8IbSXmnrf+mnB:OZnSNk/ozNrW/J5Hektukv+Wd
Score1/10 -
-
-
Target
email-plain-1.txt
-
Size
5KB
-
MD5
b219e1587efc6ef4ee8277a21d19463c
-
SHA1
75c9b2fee6da1cb443d7a29b1e931eb69f393b46
-
SHA256
e5866def3f525ac44e88808250acb11f4ea57142eb99c16f3e737fcc24d014fe
-
SHA512
7d5ef4785e2359263cbf39381b7fe15bcd4c6fbcd31401c7a8a9e33a554a3ee3fbf1a109907fed82af1ed7c7d39977039ffa1250df09ef279cb2dfbc885b6733
-
SSDEEP
96:uS2ZF9sKK7cFrtL7tLf/1vktLtFuHi/Y60M0ReHjWPeLYHEejd5OqWC7I5:d2CcFBLxLVvQLruC/1ysyoYHz+qWCE5
Score1/10 -