General
-
Target
ODEME BILGILENDIRME 000284857577688 01162023.exe
-
Size
258KB
-
Sample
230116-h931msfc4t
-
MD5
ef194272556559c7d4da6515efaaa09d
-
SHA1
713343ddc7b859c93dc58559aee00f62f2c48c97
-
SHA256
32ea41ff050f09d0b92967588a131e0a170cb46baf7ee58d03277d09336f89d9
-
SHA512
d488eef517aea854d6f9bb5c6de69ed4a573377c5279ce051cafe8ec3511a453101cf162925297a14f99d754e749a2129ee767e8620cca062e226cc165ecb5bc
-
SSDEEP
6144:haCoWj2mYBtHF3rvcZjvqM4SkF/92SRD3xRKBfe6:haCcBFRcZjy0kF/92SRBkI6
Static task
static1
Behavioral task
behavioral1
Sample
ODEME BILGILENDIRME 000284857577688 01162023.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ODEME BILGILENDIRME 000284857577688 01162023.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.mgcpakistan.com - Port:
21 - Username:
[email protected] - Password:
boygirl123456
Targets
-
-
Target
ODEME BILGILENDIRME 000284857577688 01162023.exe
-
Size
258KB
-
MD5
ef194272556559c7d4da6515efaaa09d
-
SHA1
713343ddc7b859c93dc58559aee00f62f2c48c97
-
SHA256
32ea41ff050f09d0b92967588a131e0a170cb46baf7ee58d03277d09336f89d9
-
SHA512
d488eef517aea854d6f9bb5c6de69ed4a573377c5279ce051cafe8ec3511a453101cf162925297a14f99d754e749a2129ee767e8620cca062e226cc165ecb5bc
-
SSDEEP
6144:haCoWj2mYBtHF3rvcZjvqM4SkF/92SRD3xRKBfe6:haCcBFRcZjy0kF/92SRBkI6
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-