General
Target: Dekont-2024-03-28,pdf.exe
Size: 684KB
Sample: 240328-xb31baec33
MD5: e886fc4734fee8c0445802549df61e16
SHA1: 373856ccf95b0aba82a3bea3066fcc657046d78d
SHA256: 8a54d486d4b795af1b8f7506dfa69e2e9fc298a361521af183cb9809cdc3d68b
SHA512: 274073137bb5505a9e139b361b5a873227cf8f2e4b44834ce83dab8aaf5d87d04c0048305eda99789d62f805e9649b60adbc192355e8eefbf3a357d566b3957b
SSDEEP: 12288:O/H30YOwqOpJWGEDC2qlHcf1LUTEYct5gWgbrWN3DrSD0ZrTBCu7VzbxTstF8:iO7MCDA2W+JgbrWFDW0ZrTT7Vt0F8
Static task: static1
Behavioral task: behavioral1
  Sample: Dekont-2024-03-28,pdf.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: Dekont-2024-03-28,pdf.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: agenttesla
  Protocol: ftp
  Host: ftp://ftp.normagroup.com.tr
  Port: 21
  Username: admin@normagroup.com.tr
  Password: Bossu_56@@12345@_
Extracted
  Protocol: ftp
  Host: ftp.normagroup.com.tr
  Port: 21
  Username: admin@normagroup.com.tr
  Password: Bossu_56@@12345@_
Targets
Target: Dekont-2024-03-28,pdf.exe
Size: 684KB
MD5: e886fc4734fee8c0445802549df61e16
SHA1: 373856ccf95b0aba82a3bea3066fcc657046d78d
SHA256: 8a54d486d4b795af1b8f7506dfa69e2e9fc298a361521af183cb9809cdc3d68b
SHA512: 274073137bb5505a9e139b361b5a873227cf8f2e4b44834ce83dab8aaf5d87d04c0048305eda99789d62f805e9649b60adbc192355e8eefbf3a357d566b3957b
SSDEEP: 12288:O/H30YOwqOpJWGEDC2qlHcf1LUTEYct5gWgbrWN3DrSD0ZrTBCu7VzbxTstF8:iO7MCDA2W+JgbrWFDW0ZrTT7Vt0F8
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext