General
- Target: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
- Size: 273KB
- Sample: 230505-pjxjhacc71
- MD5: 9326352797b86810855d22c81b5b6cd6
- SHA1: 60a64fda0b9a1f68aeb5c481e54fc4cfaab1f99a
- SHA256: 0113a0681674a5ce9fc9d80f924a196ffb7471f550fd79f2e49356b7e4e76cb5
- SHA512: 7239b860606b499f0fa8c942f3f598f6429c469b9aed7896d4c60f318d57a452101ed23e2561aaa0331932c878756a438b3c5020f6fbba9afdccf368122fac27
- SSDEEP: 6144:pYa6KyZJ06lDFyA08T+uhI2B2T6xoK+QUoc2a094ZQQ5U0yK:pY8y86lDcAV+l9OOFxSpK
Static task: static1
Behavioral task: behavioral1
- Sample: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
- Resource: win10v2004-20230221-en
Malware Config (extracted)
- Family: agenttesla
- URL: https://api.telegram.org/bot6261006732:AAFiMpPz79k5Wkkw0xvICpfaipqXFQbQmmo/
Targets
- Target: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext