General

Target: 47ed8a371b2d67ff11d04a5e2473e2bedeb5c074bb6f90f452e8bfd837ef6a11
Size: 721KB
Sample: 231208-vcq12abbfr
MD5: ffbe9004bdc3baf89029b00471d93823
SHA1: 2d8a88f35cbb157e7e2665027b129cb2219c966d
SHA256: 47ed8a371b2d67ff11d04a5e2473e2bedeb5c074bb6f90f452e8bfd837ef6a11
SHA512: 4fd764d08855cd66438db715ea44636c013eabc2c5ef8635130cd3e0bcc15d3a08fb23f2ef9ef38793e712850b992aa899a2cf9c240b36c2a56f49cf08891ba4
SSDEEP: 12288:gmseEpezwjCs1c9+A4swbWBqQaKHixs8rcgEae3+c4cOH9rQQNKx7MW4VHj9w4a4:gmsYzw+srvsfdCxM8eYH9N6gWAHjdVV
Static task: static1

Behavioral task: behavioral1
Sample: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
Resource: win7-20231130-en

Behavioral task: behavioral2
Sample: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
Resource: win10v2004-20231130-en
Malware Config

Extracted (agenttesla)
Protocol: smtp
Host: mail.rolexlogisticsservice.com
Port: 587
Username: [email protected]
Password: 0.p-TydLJ-3Z
Email To: [email protected]

Extracted
Protocol: smtp
Host: mail.rolexlogisticsservice.com
Port: 587
Username: [email protected]
Password: 0.p-TydLJ-3Z
Targets

Target: Halkbank_Ekstre_20191102_073809_405251-PDF.exe
Size: 988KB
MD5: 0f93c17cac1c2dd8b332bf2d53aa2f8c
SHA1: 8848bf63c85f1743d63d458819ab4632f80b4cc9
SHA256: 4b01f24d97fef59510e2a99a4d75d48f7dbe8445e5fe05a3602fb7a12094ade9
SHA512: b1b7968abe71cdf12c1aa3bed07fdde8282126faf2bd1386c8fccc0bfdc3ae39b10d94155a96770bc72dee60d6265ce45a8211e4624b3e25c1e08bc7794a2c89
SSDEEP: 12288:o6UYBXALb35v+g4IwbmB1fRcmjMx7jghB/8SBJxVtQD2b62SgM5DqanwP7r9r/+l:1SbIPIhbNM1sh9BR1q
Score: 10/10

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext