General
-
Target
Dekont Para Transferi Bilgilendirmesi-PDF.exe
-
Size
672KB
-
Sample
231212-jnpfssafc4
-
MD5
3a1771033a26f86e4c02e47f0e1a2450
-
SHA1
794035402e34f139f0ae55c08bd246ae4396b904
-
SHA256
f192e4ce01f2b61f9af29d96d4a18e3f2d5d347ff1f5766d4c1f8df52e74b67b
-
SHA512
365e69e719db106be1dbe35d30b5cb3df85bef998a664e4e29b00c99f4994eed6bcf6299460b3feb88051868ec1759a49aaff69c9df6328678fb3def02947eb1
-
SSDEEP
12288:b9BgOWP6iqpEmQepZxBOV4EGcrdpNzt2ugnGXK3fhj+iBA0rqT2JrZ2HYSYg/xLU:hCkpE+wV4tEP9kL/3JjjGWFJroHYYR
Static task
static1
Behavioral task
behavioral1
Sample
Dekont Para Transferi Bilgilendirmesi-PDF.exe
Resource
win7-20231023-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.aksumer.com - Port:
21 - Username:
aksumerc - Password:
211116.kS*-
Targets
-
-
Target
Dekont Para Transferi Bilgilendirmesi-PDF.exe
-
Size
672KB
-
MD5
3a1771033a26f86e4c02e47f0e1a2450
-
SHA1
794035402e34f139f0ae55c08bd246ae4396b904
-
SHA256
f192e4ce01f2b61f9af29d96d4a18e3f2d5d347ff1f5766d4c1f8df52e74b67b
-
SHA512
365e69e719db106be1dbe35d30b5cb3df85bef998a664e4e29b00c99f4994eed6bcf6299460b3feb88051868ec1759a49aaff69c9df6328678fb3def02947eb1
-
SSDEEP
12288:b9BgOWP6iqpEmQepZxBOV4EGcrdpNzt2ugnGXK3fhj+iBA0rqT2JrZ2HYSYg/xLU:hCkpE+wV4tEP9kL/3JjjGWFJroHYYR
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect ZGRat V1
-
Suspicious use of SetThreadContext
-