General
- Target: SÖZLEŞME-pdf.exe
- Size: 701KB
- Sample: 231207-jckngahghq
- MD5: 62078921f530e580c1df7e86bf9975a1
- SHA1: 6589ad060056166c90136ba0313c1e580e478fdd
- SHA256: 3c0a5c75a24724f85305ffe4831cc0303f9eaa1e2b3a897a91cb808429b34845
- SHA512: b9b3aceba175deffdb04687d885f88de035cc76df590f621a12b55ec798eb218b2d66531d9055cad51dfb5f2e1b8a98c262e467d0716506b567d3691af817dd0
- SSDEEP: 12288:lwFGHET8v6M1Q0Lxa4cdpv0yLHYGBHj4LrMpKWlnZylgimtdYM3O0V7bb:l5HETcTQ6M4ct8w00ylgZtub0V7
Static task: static1
Behavioral task: behavioral1
- Sample: SÖZLEŞME-pdf.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: SÖZLEŞME-pdf.exe
- Resource: win10v2004-20231127-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.vvspijkenisse.nl
- Port: 21
- Username: [email protected]
- Password: playingboyz231
Targets
- Target: SÖZLEŞME-pdf.exe (size and hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Drops file in System32 directory
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext