General
-
Target
Dekont Para Transferi Bilgilendirmesi.exe
-
Size
721KB
-
Sample
231205-r95c5sbf8t
-
MD5
4bcbd21fd84d7e8dc54aac25a98af859
-
SHA1
51e15f254ed48918481f5f41bf13827607b234e3
-
SHA256
b8896f83c476a5ed9b16d119b9d585e7f38a736330dde02a791dc299ebb64606
-
SHA512
1d730a30fcc98aeeb110641ff64f9b3b57c11e2b46ba343bbac6b34349ba504c00c015ceaf2141f76f987f0f515e5d918b1903a0b19ed20eff16e28314bd0f87
-
SSDEEP
12288:BF5nF8ME6jD/dIlOyAgJK7+wMisVjk61mhbJYiDmBUMdUk8PBL:BFPtD/2OjUi8kmmFdmuk85L
Static task
static1
Behavioral task
behavioral1
Sample
Dekont Para Transferi Bilgilendirmesi.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Dekont Para Transferi Bilgilendirmesi.exe
Resource
win10v2004-20231130-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.aksumer.com
Port: 21
Username: aksumerc
Password: 211116.kS*-
Targets
-
-
Target
Dekont Para Transferi Bilgilendirmesi.exe
-
Score
10/10
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
-
Suspicious use of SetThreadContext
-