General

Target: Ödeme onaylama.tgz (Turkish for "Payment confirmation")
Size: 1.5MB
Sample: 240418-ls1ezahe83
MD5: fe58bd5d1ce643d563858a8fb640699f
SHA1: 3c254d764cfc80e85fba809771b3c87ed02cbfb1
SHA256: 9ddc064aa8d8bfe4bdbd4c14dca5783133c0236dcfe423755eb37e7370f15752
SHA512: 0331fdf71e130511bad9a0fc19e0af395282f47a3dd933b651573bed0438b58a4bcd826252fcee436a05342f7a1a7ffd7349a78aa7184ddd1df4c0daa51f3e97
SSDEEP: 24576:WwC93eIevVNa7JSn1jeZxeqHwSts4A2tm2e:W9elvLadSnwLfH9t93tm2e
Static task: static1

Behavioral task: behavioral1
Sample: Ödeme onaylama.exe
Resource: win7-20240221-en (Windows 7 analysis VM, English locale, image dated 2024-02-21)

Behavioral task: behavioral2
Sample: Ödeme onaylama.exe
Resource: win10v2004-20240412-en (Windows 10 2004 analysis VM, English locale, image dated 2024-04-12)
Malware Config

Extracted family: agenttesla
C2: https://api.telegram.org/bot6985437147:AAFTvoxMX9jBU6KIbkprc-B74rVfUy8tpzs/

The path segment after "bot" is the Telegram Bot API token. Anyone holding it can read the bot's updates and send as the bot, and the sample uses it to push harvested data to the operator's chat. Treat the full URL and the bare token as indicators, and report the token to Telegram for revocation.
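The Telegram endpoint above is what a config extractor pulls out of the unpacked sample or a memory dump. The following is an added example, not code from the sandbox or from this report: it searches a byte buffer for Bot API URLs, accounting for the fact that .NET stealers keep their strings as UTF-16LE, which an ASCII-only `strings` pass misses. The sample dump and both tokens in it are constructed placeholders of the right shape (numeric bot id, colon, 35-character secret), not the token from the report.

```python
import re
from typing import Dict, List

# A Telegram bot token is "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>"; the
# Bot API puts it in the URL path right after "bot", as in the extracted config.
TELEGRAM_BOT_RE = re.compile(r"api\.telegram\.org/bot(\d{6,12}):([A-Za-z0-9_-]{35})")


def _text_views(data: bytes):
    """Yield the buffer as ASCII text and as UTF-16LE text at both byte alignments.

    .NET stores string literals as UTF-16LE, so an ASCII-only search over a dump
    of a .NET stealer misses the config; a string that starts at an odd offset
    decodes to garbage unless the buffer is re-aligned by one byte first.
    """
    yield data.decode("latin-1")
    for offset in (0, 1):
        yield data[offset:].decode("utf-16-le", errors="ignore")


def extract_telegram_c2(data: bytes) -> List[Dict[str, str]]:
    """Return every distinct Telegram Bot API endpoint found in `data`."""
    seen = set()
    found = []
    for view in _text_views(data):
        for m in TELEGRAM_BOT_RE.finditer(view):
            bot_id, secret = m.group(1), m.group(2)
            if (bot_id, secret) in seen:
                continue
            seen.add((bot_id, secret))
            found.append({
                "bot_id": bot_id,
                "token": f"{bot_id}:{secret}",
                "url": f"https://api.telegram.org/bot{bot_id}:{secret}/",
                # defanged form for sharing the IOC without a clickable link
                "defanged": f"hxxps://api[.]telegram[.]org/bot{bot_id}:{secret}/",
            })
    return found


# Constructed stand-in for a memory dump. Both tokens are made-up placeholders
# of the right shape, not the token from the report.
_TOKEN_UTF16 = "1234567890:AAAbcdefghijklmnopqrstuvwxyz0123456"
_TOKEN_ASCII = "9876543210:BBBbcdefghijklmnopqrstuvwxyz0123456"
SAMPLE_DUMP = (
    b"\x00\x00\x00MZ\x90\x00"  # 7 bytes, so the UTF-16 string below sits at an odd offset
    + f"https://api.telegram.org/bot{_TOKEN_UTF16}/sendDocument".encode("utf-16-le")
    + b"\x00\x00"
    + f"https://api.telegram.org/bot{_TOKEN_ASCII}/".encode("ascii")
    + b"\x00"
)

if __name__ == "__main__":
    for hit in extract_telegram_c2(SAMPLE_DUMP):
        print(hit["bot_id"], hit["defanged"])
```

Run it against a process dump of the unpacked stage (`extract_telegram_c2(open(path, "rb").read())`); the `defanged` field is the form to paste into a ticket or IOC feed.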
Targets

Target: Ödeme onaylama.exe
Size: 810.6MB
MD5: d79dc866ebc2705b5eb812c4519a1dd4
SHA1: 887f080e0e82a4410a5bc45bae1148b394bda6c1
SHA256: 85b3d8c24bb5653ba1ffa131a6d7b03b42da9a03f245488f2a11eb79db2bbac6
SHA512: 133941fc0ff7a652d20546ec534341efb61574e13b9f286af6a459c09e04a1d13428b39e81a3cc640449f8cad7a86f95805540b570e7d4c49efc4b345b8d42a0
SSDEEP: 24576:mJiMLXgIe3HNa7TM5/LUZZ0YHwEts4Ae2Y0bf0:m+l3tafM5gXLHBt9AeYbf

The 810.6MB executable arrived inside a 1.5MB archive. A compression ratio of that order is only possible if the file is almost entirely repeated filler, so the binary is inflated with padding, a common trick for pushing a sample past the file-size limit of scanners and sandboxes. The hashes above cover the padded file; a variant with a different amount of filler will not match them.
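A quick way to confirm inflation and to get a hash that survives re-padding is to measure the PE overlay (bytes past the last section) and the run of identical bytes at the end of the file. The code below is an added example, not part of this report or of the sandbox: the PE parsing follows the documented IMAGE_SECTION_HEADER layout, the 16 MiB default threshold and the 90% rule are my own choices, and the sample PE is a constructed one-section file with no optional header (enough for the parser here, not a loadable binary).

```python
import hashlib
import struct
from typing import Dict


def pe_image_end(data: bytes) -> int:
    """Offset one past the last byte any section header claims from the file.

    Everything after this is overlay: data no section maps, which the loader
    never reads and which is where inflated files carry their padding.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\x00\x00":
        raise ValueError("not a PE file: missing PE signature")
    nsections = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    table = pe + 24 + opt_size                             # first IMAGE_SECTION_HEADER
    end = table + 40 * nsections                           # at least the headers
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: SizeOfRawData at +16, PointerToRawData at +20
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def trailing_run(data: bytes):
    """(byte value, length) of the run of identical bytes that ends the file."""
    if not data:
        return None, 0
    last = data[-1:]
    return last[0], len(data) - len(data.rstrip(last))


def bloat_report(data: bytes, min_overlay: int = 16 * 1024 * 1024) -> Dict[str, object]:
    """Flag a PE whose overlay is mostly one repeated byte (inflated to dodge size limits)."""
    image_end = pe_image_end(data)
    overlay = len(data) - image_end
    pad_byte, pad_run = trailing_run(data)
    padded = overlay >= min_overlay and pad_run >= overlay * 0.9   # thresholds are assumptions
    body = data[:len(data) - pad_run] if padded else data
    return {
        "size": len(data),
        "image_end": image_end,
        "overlay": overlay,
        "pad_byte": pad_byte,
        "pad_run": pad_run,
        "padded": padded,
        "sha256_full": hashlib.sha256(data).hexdigest(),
        # hash with the padding stripped: stable across variants that differ
        # only in how much filler was appended
        "sha256_stripped": hashlib.sha256(body).hexdigest(),
    }


def _build_sample_pe(padding: int) -> bytes:
    """Constructed minimal PE (one section, SizeOfOptionalHeader = 0) plus `padding` zero bytes."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
    # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
    # NumberOfLinenumbers, Characteristics
    section = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                          0, 0, 0, 0, 0x60000020)
    headers = dos + coff + section
    headers += b"\x00" * (0x200 - len(headers))
    return headers + b"\xCC" * 0x200 + b"\x00" * padding


SAMPLE_PE_PADDED = _build_sample_pe(4096)   # 1 KiB of image, 4 KiB of zero filler
SAMPLE_PE_PLAIN = _build_sample_pe(0)       # the same image without filler

if __name__ == "__main__":
    for key, value in bloat_report(SAMPLE_PE_PADDED, min_overlay=1024).items():
        print(f"{key}: {value}")
```

For a real sample call `bloat_report(open(path, "rb").read())`; if `padded` is true, `sha256_stripped` is the value to pivot on when hunting for siblings of the same build, and `pad_run` divided by `size` tells you how little of the 810.6MB is actually code.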
Score: 10/10

AgentTesla
Agent Tesla is an information stealer with remote-access features, written in Visual Basic .NET on the .NET Framework. It harvests saved credentials and keystrokes and exfiltrates them over SMTP, FTP or, as in this sample, the Telegram Bot API.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the step in process hollowing where the loader points the suspended child's primary thread at the injected payload before resuming it. The usual sequence is CreateProcess with CREATE_SUSPENDED, WriteProcessMemory (often after NtUnmapViewOfSection), SetThreadContext, ResumeThread; on its own the call is also made by debuggers, so the verdict should rest on the whole sequence against one child, not on the single API.
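The sandbox signature fires on the API alone; the following added example (not code from the sandbox or this report) shows the sequence-based check a detection engineer would write over an API trace instead. The `Event` record and the trace below are constructed for the example and do not follow the sandbox's own trace format; the API names and the CREATE_SUSPENDED value (0x4) are the Windows ones.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Event:
    """One API call from a behavioural trace (constructed format, not the sandbox's)."""
    pid: int            # calling process
    api: str
    target: int = 0     # pid of the process (or its thread) acted on; 0 = self
    flags: int = 0      # dwCreationFlags for CreateProcess*


CREATE_SUSPENDED = 0x00000004
CREATE_APIS = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
# All of these must be seen against the suspended child, in any order, with
# ResumeThread last, for the sequence to count as hollowing.
REQUIRED = {"WriteProcessMemory", "SetThreadContext", "ResumeThread"}
# Optional steps that strengthen the verdict when present.
OPTIONAL = {"NtUnmapViewOfSection", "VirtualAllocEx", "NtMapViewOfSection"}


def detect_process_hollowing(trace: List[Event]) -> List[Dict[str, object]]:
    """Return one finding per (parent, child) pair that completes the hollowing sequence."""
    pending: Dict[tuple, set] = {}   # (parent, child) -> APIs observed so far
    findings = []
    for ev in trace:
        key = (ev.pid, ev.target)
        if ev.api in CREATE_APIS and ev.flags & CREATE_SUSPENDED:
            pending[key] = set()       # new suspended child; start tracking it
            continue
        steps = pending.get(key)
        if steps is None:
            continue                   # not a suspended child we are tracking
        if ev.api in REQUIRED | OPTIONAL:
            steps.add(ev.api)
        if ev.api == "ResumeThread":
            if REQUIRED <= steps:
                findings.append({
                    "parent": ev.pid,
                    "child": ev.target,
                    "unmapped": "NtUnmapViewOfSection" in steps,
                    "steps": sorted(steps),
                })
            del pending[key]           # thread resumed: the window is closed either way
    return findings


# Constructed trace: a loader hollowing a suspended child, followed by a
# debugger-like caller that touches a thread context without writing code.
SAMPLE_TRACE = [
    Event(pid=4120, api="CreateProcessW", target=5532, flags=CREATE_SUSPENDED),
    Event(4120, "NtUnmapViewOfSection", 5532),
    Event(4120, "VirtualAllocEx", 5532),
    Event(4120, "WriteProcessMemory", 5532),
    Event(4120, "WriteProcessMemory", 5532),
    Event(4120, "SetThreadContext", 5532),
    Event(4120, "ResumeThread", 5532),
    Event(pid=7008, api="CreateProcessW", target=7100, flags=CREATE_SUSPENDED),
    Event(7008, "SetThreadContext", 7100),
    Event(7008, "ResumeThread", 7100),
]

if __name__ == "__main__":
    for finding in detect_process_hollowing(SAMPLE_TRACE):
        print(finding)
```

The second caller in the trace uses SetThreadContext and ResumeThread on its suspended child but never writes to it, so it produces no finding; only the pair that also wrote memory into the child is reported, with `unmapped` marking the classic variant that first unmaps the original image.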