General

  • Target

    08018c4ffcb5b25d3bedc1fddadf713e.bin

  • Size

    682KB

  • Sample

    240118-bc5pmsadc2

  • MD5

    5b63687c80fb7ab467a808937e0c3bac

  • SHA1

    08545d7f26e7d6a0fafd442362802beefea4dac1

  • SHA256

    00dca5c846aac5002f6f6936499acea6c1b1a6f559385c1b4baf65d8119d29ba

  • SHA512

    cd260cdffeadc60a6679a290ea18ff401e3b92a9a2828990348fa4d3a8a52da96144c922387f01a418c0842392b2a322a288960cde4b38e809f9bcb30aedd974

  • SSDEEP

    12288:RyYl8D8jJzcWX7en0Ya0fkrXKt/J0oaPVoao9aN7oi6DZarFvstv/I5P3me4+2E6:RyYl8I9zvXKn0pykLKAhPnoc6i6NapvQ

Malware Config

Extracted

Family

agenttesla

Credentials

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.pharmacell.com.tr
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    Fatih-2015a

Targets

    • Target

      hesaphareketi-01.exe

    • Size

      851KB

    • MD5

      de310f037110ce251ad1c23f09318c29

    • SHA1

      46310a5a3997575f8b4df66ebda2707061f517aa

    • SHA256

      237a9a1345466333a1dd02477c5a1f9fe1ce0078f869e397db00ac84516060e2

    • SHA512

      16e845a708f2d219b17beb9a25dbe3fe198bcfad87205bbfd3da0b13cc0a607ffd3330533f8caff176d336c90437adfc2ec3addfa35f6322357a5aa701f26e96

    • SSDEEP

      24576:cbGLYrmqV26Q+/DLXW/rIeH4OxLNILj+:yGLYrPV24XWjIcwL

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Detect ZGRat V1

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks