General

  • Target

    Para Transferi Bilgilendirmesi-Dekont20230329.7z

  • Size

    243KB

  • Sample

    230329-ws6xvshd36

  • MD5

    2706fc1ef92c9806dc34ce76edef3e2f

  • SHA1

    c7d04f942d0bd4f2c06bc9b94ed9bde2fd8df00c

  • SHA256

    682ba3a6762b523beb3d792fc8c52c44adda0f70033149204c1a0bbc717351b5

  • SHA512

    7534ad5228790627397aa3df43a71bc068b8796f243634ce0d5631043c06701a46487b5b61b928c89e208deec4d7c91691fb58f58f9e280b996598b55643acd6

  • SSDEEP

    6144:HrHoxCAihOD1vk/DprqaZZEZrUzo8/BLcMfsseN/1:LHvfYCpMZYo8/hcMQh1

Malware Config

Extracted

  • Family

    agenttesla

  • C2

    https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/

Targets

    • Target

      Para Transferi Bilgilendirmesi-Dekont20230329.exe

    • Size

      445KB

    • MD5

      26c10e8edfe247965c0694415372ed0b

    • SHA1

      d07b6634339e0078362acd09ca06dc3d5c4e6be1

    • SHA256

      9e3890049c1d7270fe38d2b545a4923b8933d271f9f10d316a7c228e2b931250

    • SHA512

      4a9b7bd5f980084a1b8c9fac7d723c36abe1042292487fd3485cfdbcbce72cf8f3f9bac380ad45c30d328f89b58ab90e7ba647b7cc27856814ea64a9dd58ad41

    • SSDEEP

      6144:qBJoejY8WjxzbAvjvElb8xRNCOWshLXyD9TBwSp8oiMf5F2c0mtZ/BHZnmVnI:q7obSr8iGSLXyDxBwSu2v9tZ/9ZmVnI

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks