General

  • Target

    5d8dd83857fc3cc6d5019853710bfcfb.bin

  • Size

    625KB

  • Sample

    240118-bzassaaccq

  • MD5

    07cf960134921a71bf86d24e41173b44

  • SHA1

    56973a30fb7ce5f363b3ee25084ba518fd41446b

  • SHA256

    74c7236dea30033f41ad600a07ff1c6976d41d941130eca84fc0f4d67cb1a093

  • SHA512

    71a7f4ad9b49948be6d9f50017b26eccff7be76d9d8140ad172a424aef771f5ca28492b83a90eaef404085e7729c4ab4da19c335f914a65e58f705187b3d2829

  • SSDEEP

    12288:aIKsDY5hvBe4NDl4vXPMIi/LefG3crD6VG7WlErXHvb0j+eWuL:ah24NDyXPM3AGE6iXHvb0aeb

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.pharmacell.com.tr
  • Port:
    587
  • Username:
    finans@pharmacell.com.tr
  • Password:
    Fatih-2015a

Extracted

Family

agenttesla

Credentials

  • Protocol:
    smtp
  • Host:
    mail.pharmacell.com.tr
  • Port:
    587
  • Username:
    finans@pharmacell.com.tr
  • Password:
    Fatih-2015a
  • Email To:
    matilak1982@gmail.com

Targets

    • Target

      HesapEkstresi_08012024_13014688_3871782_MY_2.exe

    • Size

      669KB

    • MD5

      cb17689f9f2f8ead0450a9fa21ea6920

    • SHA1

      44f2a04f059e94ce47a2da8ed0b175a97e20ddde

    • SHA256

      390742120fc89ba2735772dbb63c0998bdb2d26df99976a5406477c4ffab56c2

    • SHA512

      43d729df8acf4eb2fe56c7432835340214b571a942e12566eef1eab656b7c1e263d3ac6b76087757034294382c90f1f53d3c9b8c83e80783fc868e94e916c76b

    • SSDEEP

      12288:Pz1uPBa5rr1wAM1F0XtZFBlZMMDcrKJSja7kaGPASF:Pua5rvM1FqnFBnMMDTSyoASF

    • AgentTesla

      Agent Tesla is a .NET-based remote access tool (RAT) and information stealer; the credentials it harvests are typically exfiltrated over SMTP, FTP or HTTP, here via the extracted SMTP account above.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which store saved server credentials on disk.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers commonly target them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state to redirect its execution, a step commonly seen when a payload is injected into a suspended process (process hollowing).
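As an added example (not part of the Triage report or its signature engine), the following Python maps the behaviours listed above onto constructed sandbox-style events and uses the extracted SMTP host and port as the exfiltration indicator. The tab-separated event format, the FileZilla/Thunderbird/Chromium file paths and the IP-lookup hostnames are assumptions; the report lists the behaviours, not the exact paths or lookup service this sample touched.

```python
"""Score sandbox-style events for the infostealer behaviours in the report.

Added example, not Triage's own detection logic.  The only page-supplied
network indicator is the extracted SMTP config; everything else is an
assumption about where the named applications keep their data.
"""
import re
from collections import defaultdict

# Exfiltration endpoint taken from the report's extracted SMTP config.
EXFIL_SMTP_HOST = "mail.pharmacell.com.tr"
EXFIL_SMTP_PORT = 587

# Behaviour -> regexes over lower-cased file paths.  These are the well-known
# credential stores of FileZilla, Thunderbird and Chromium browsers (assumed
# here; the report names the behaviour, not the exact paths read).
FILE_RULES = {
    "reads_ftp_client_data": [r"\\filezilla\\(recentservers|sitemanager)\.xml$"],
    "reads_email_client_data": [r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$"],
    "reads_browser_data": [r"\\user data\\[^\\]+\\login data$"],
}
# Assumed examples of public IP-lookup services; the report does not say
# which one this sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}
THREAD_CONTEXT_APIS = {"setthreadcontext", "ntsetcontextthread"}

# Constructed event format: kind <TAB> pid <TAB> value
LINE_RE = re.compile(r"^(?P<kind>file_read|api|net)\t(?P<pid>\d+)\t(?P<value>.+)$")


def classify(line):
    """Map one event line to (pid, behaviour), or None if it matches nothing."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    kind, pid, value = m["kind"], int(m["pid"]), m["value"]
    if kind == "file_read":
        path = value.lower()
        for tag, patterns in FILE_RULES.items():
            if any(re.search(p, path) for p in patterns):
                return pid, tag
    elif kind == "api":
        if value.lower() in THREAD_CONTEXT_APIS:
            return pid, "suspicious_setthreadcontext"
    elif kind == "net":
        host, _, port = value.rpartition(":")
        if host.lower() in IP_LOOKUP_HOSTS:
            return pid, "external_ip_lookup"
        if host.lower() == EXFIL_SMTP_HOST and port.isdigit() and int(port) == EXFIL_SMTP_PORT:
            return pid, "smtp_exfil_to_extracted_host"
    return None


def triage(lines):
    """Return {pid: sorted behaviour tags} for every process with at least one hit."""
    hits = defaultdict(set)
    for line in lines:
        res = classify(line)
        if res:
            hits[res[0]].add(res[1])
    return {pid: sorted(tags) for pid, tags in hits.items()}


def verdict(behaviours):
    """AgentTesla-like pattern: credential reads from two or more application
    families plus a network stage (IP lookup or SMTP to the extracted host).
    The threshold is the example author's choice, not a Triage rule."""
    reads = [b for b in behaviours if b.startswith("reads_")]
    network = {"external_ip_lookup", "smtp_exfil_to_extracted_host"} & set(behaviours)
    return len(reads) >= 2 and bool(network)


# Constructed sample events; not taken from the sandbox run.
SAMPLE_EVENTS = [
    "file_read\t2244\tC:\\Users\\victim\\AppData\\Roaming\\FileZilla\\recentservers.xml",
    "file_read\t2244\tC:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\abc123.default\\logins.json",
    "file_read\t2244\tC:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "api\t2244\tSetThreadContext",
    "net\t2244\tapi.ipify.org:80",
    "net\t2244\tmail.pharmacell.com.tr:587",
    "file_read\t3100\tC:\\Users\\victim\\Documents\\report.docx",
    "net\t3100\twww.microsoft.com:443",
]

if __name__ == "__main__":
    for pid, tags in triage(SAMPLE_EVENTS).items():
        print(pid, tags, "AGENTTESLA-LIKE" if verdict(tags) else "no verdict")
```

Run it as-is to see pid 2244 flagged with all six behaviours while pid 3100 produces no hits. Swap `SAMPLE_EVENTS` for events exported from your own sandbox or EDR, keeping the `kind<TAB>pid<TAB>value` shape, to reuse the rules; the SMTP indicator is specific to this sample's config and should be replaced when hunting for other AgentTesla builds.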
