General
-
Target
04_12_2023_Dönemi_MEVDUAT Ekstre Bilgiler.exe
-
Size
909KB
-
Sample
231204-lc2m4aac4t
-
MD5
10003be0ae6e1a355b128c9663062acf
-
SHA1
1fe433690c38a9c9027ad9a6f5bebbb662406bbb
-
SHA256
5e5350a474c7fcc4782d8fb212f0b43aeeb7c144feae45f7fa37544110650768
-
SHA512
5d2e598b262338d2dc4fc000e7eb25ac0ffb53b0ad1d3601b69c781f09c25c7d2c26c24b217447f8612170c308f8ae25127c148bf4cf60e12f032015c675d075
-
SSDEEP
12288:uWBMCtW8G34/uK45+po2uRRyYD9gWghD8hqneT/ao0smtkn8eKwODX7rR3QMsm+l:dq34/up+pJuWeEwhqneDaJsGPWf53p/
Static task
static1
Behavioral task
behavioral1
Sample
04_12_2023_Dönemi_MEVDUAT Ekstre Bilgiler.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
04_12_2023_Dönemi_MEVDUAT Ekstre Bilgiler.exe
Resource
win10v2004-20231201-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.defalife.com.tr - Port:
587 - Username:
[email protected] - Password:
Defalife.124578 - Email To:
[email protected]
Targets
-
-
Target
04_12_2023_Dönemi_MEVDUAT Ekstre Bilgiler.exe
-
Size
909KB
-
MD5
10003be0ae6e1a355b128c9663062acf
-
SHA1
1fe433690c38a9c9027ad9a6f5bebbb662406bbb
-
SHA256
5e5350a474c7fcc4782d8fb212f0b43aeeb7c144feae45f7fa37544110650768
-
SHA512
5d2e598b262338d2dc4fc000e7eb25ac0ffb53b0ad1d3601b69c781f09c25c7d2c26c24b217447f8612170c308f8ae25127c148bf4cf60e12f032015c675d075
-
SSDEEP
12288:uWBMCtW8G34/uK45+po2uRRyYD9gWghD8hqneT/ao0smtkn8eKwODX7rR3QMsm+l:dq34/up+pJuWeEwhqneDaJsGPWf53p/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-