Resubmissions
05-12-2023 11:48
231205-nyerkabb78 105-12-2023 11:37
231205-nrgmksbb52 105-12-2023 11:30
231205-nmktfaag4t 101-12-2023 08:49
231201-kreansgc79 1001-12-2023 07:29
231201-ja8brafh46 1001-12-2023 07:25
231201-h9ggmsfh38 730-11-2023 13:08
231130-qc7xbscd2x 730-11-2023 08:58
231130-kw7g1saa3s 127-11-2023 07:20
231127-h6jslafb53 10General
-
Target
https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file
-
Sample
231201-ja8brafh46
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file
Resource
win10v2004-20231127-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6322297669:AAGbvKNiIygEW0jh_mPJNVrdjpuyp8vIb4A/
Targets
-
-
Target
https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-