General
-
Target
Ödeme Transfer Dekontu.exe
-
Size
959KB
-
Sample
231202-t5b7xaea92
-
MD5
cab3421d092d00d9effab5cd8400958f
-
SHA1
815a43fe808a893bbe1b736e722a168b6a6ce8ab
-
SHA256
450add1beb1f7e147fe1bad4703b3cff106ec962e8137dcc3136cf681e9293be
-
SHA512
ae5ed97ad10511136b701e7f7f1889a08501e5c426161b269433c6f11d437190bc5e47492f035c42afa55f1a0bb0a0921ce16ca439f98a787eaf1c02c9a3239c
-
SSDEEP
12288:KCqvJ6IWVdN7wAn9pOVtJ7XLXbVp13uoeBd1kTTD:qvJ6VdN7/oVtBbXder6v
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1179958435408785428/jLjV5a_ciZdpd6t2s27CGCikXETJ6crcchofeUrAVpoZUDRhP4jkMHHhD4ltJmgZhIap
Targets
-
-
Target
Ödeme Transfer Dekontu.exe
-
Size
959KB
-
MD5
cab3421d092d00d9effab5cd8400958f
-
SHA1
815a43fe808a893bbe1b736e722a168b6a6ce8ab
-
SHA256
450add1beb1f7e147fe1bad4703b3cff106ec962e8137dcc3136cf681e9293be
-
SHA512
ae5ed97ad10511136b701e7f7f1889a08501e5c426161b269433c6f11d437190bc5e47492f035c42afa55f1a0bb0a0921ce16ca439f98a787eaf1c02c9a3239c
-
SSDEEP
12288:KCqvJ6IWVdN7wAn9pOVtJ7XLXbVp13uoeBd1kTTD:qvJ6VdN7/oVtBbXder6v
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-