General
-
Target
Dekont Para Transferi Bilgilendirmesii-DOC.exe
-
Size
688KB
-
Sample
231212-jnf5esafb9
-
MD5
14e7f8d11ca273ab9a8adbca5572003b
-
SHA1
89fc2ebd3778c31ef1aa885c5ea8908cdc8375bb
-
SHA256
e0366c03f423955a7895635a56e418c8982d421bb40b9649ad9e1f2b2f891be7
-
SHA512
773520bb33224769c6d7b1071266a323d42ad9201cc49dd20254191b2005c01a6698aed6f3b6ec864cdd11078090e510aa6fe7c7384f37935676df2c46428c42
-
SSDEEP
12288:Q3IU8S6eUdh0r/yAYkxX1SU7aBk6QfC5I9PywNnBxURjv84T78aH5:uItSAdGr/yAPp183QfEIVnBWpjT78G5
Static task
static1
Behavioral task
behavioral1
Sample
Dekont Para Transferi Bilgilendirmesii-DOC.exe
Resource
win7-20231023-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.aksumer.com - Port:
21 - Username:
aksumerc - Password:
211116.kS*-
Targets
-
-
Target
Dekont Para Transferi Bilgilendirmesii-DOC.exe
-
Size
688KB
-
MD5
14e7f8d11ca273ab9a8adbca5572003b
-
SHA1
89fc2ebd3778c31ef1aa885c5ea8908cdc8375bb
-
SHA256
e0366c03f423955a7895635a56e418c8982d421bb40b9649ad9e1f2b2f891be7
-
SHA512
773520bb33224769c6d7b1071266a323d42ad9201cc49dd20254191b2005c01a6698aed6f3b6ec864cdd11078090e510aa6fe7c7384f37935676df2c46428c42
-
SSDEEP
12288:Q3IU8S6eUdh0r/yAYkxX1SU7aBk6QfC5I9PywNnBxURjv84T78aH5:uItSAdGr/yAPp183QfEIVnBWpjT78G5
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Suspicious use of SetThreadContext
-