General
Target: YILMAZKIMYA - Turkey _Fiyat teklif 0058118592 - VANTUZ.xlsx.exe
(Turkish lure name: "Fiyat teklif" is "price quote"; note the double extension .xlsx.exe, an executable disguised as a spreadsheet)
Size: 1.1MB
Sample: 240429-npmqtahe66
MD5: 01335b2552da1db81d14689ae36b8e75
SHA1: ad9792c3d789fc2759c0ec1b72cf02d0924dcf1a
SHA256: de82876fecac3f3453f0083045be955ef9cd3e85708ea8967ad5a33eb3363945
SHA512: be2889805f28414fd9a535f83aabacf6cf205f06cca3dbc5be2e7c1e1bfbff08d4f388798dbbbd154ec6188d6fbf69faef471e56e4043c45d3479ae48ef709db
SSDEEP: 24576:PqDEvCTbMWu7rQYlBQcBiT6rprG8asH+8UniTVDso3NQl:PTvC/MTQYxsWR7asDYEKUy
Static task: static1
Behavioral task: behavioral1 (sample: YILMAZKIMYA - Turkey _Fiyat teklif 0058118592 - VANTUZ.xlsx.exe; resource: win7-20240221-en)
Behavioral task: behavioral2 (sample: YILMAZKIMYA - Turkey _Fiyat teklif 0058118592 - VANTUZ.xlsx.exe; resource: win10v2004-20240419-en)
Malware Config
Extracted
Protocol: smtp
Host: mail.deeptrans.com.tr
Port: 587
Username: [email protected]
Password: 59ace821A
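The extracted configuration is the sample's exfiltration channel: stolen data is sent by SMTP submission (port 587) through the listed mail server using the listed account. The script below, added here as an example and not part of the sandbox report, turns the indicators above into checks a responder can run: it hashes a file against the report's MD5/SHA1/SHA256, flags the double-extension lure name, and searches firewall-style log lines for outbound connections to the configured SMTP host and port. The log lines and the file bytes are constructed for the demo; only the hashes and the SMTP endpoint come from the report.

```python
"""IoC checks derived from the sandbox report above.

Added example; it is not part of the Tria.ge report or of Agent Tesla.
The hashes and the SMTP endpoint are copied from the report; the log lines
and any file contents used here are constructed for the demo.
"""
import hashlib
import re
from typing import Dict, List

# Hashes of the analysed sample (copied from the report).
SAMPLE_HASHES = {
    "md5": "01335b2552da1db81d14689ae36b8e75",
    "sha1": "ad9792c3d789fc2759c0ec1b72cf02d0924dcf1a",
    "sha256": "de82876fecac3f3453f0083045be955ef9cd3e85708ea8967ad5a33eb3363945",
}

# Exfiltration endpoint from the extracted config: SMTP submission to this host.
EXFIL_HOST = "mail.deeptrans.com.tr"
EXFIL_PORT = 587

# Document extensions commonly placed before a trailing .exe in lure filenames.
DECOY_EXTENSIONS = {".xlsx", ".xls", ".docx", ".doc", ".pdf"}

# Constructed firewall/proxy log lines (key=value style, not from the report).
# Only the second line is an outbound connection to the configured exfil endpoint;
# the first goes to the same host on 443, the third is ordinary mail submission elsewhere.
CONSTRUCTED_LOG = """\
2024-04-29T10:14:58Z action=allow src=10.0.0.12 dst=mail.deeptrans.com.tr dport=443 proto=tcp
2024-04-29T10:15:02Z action=allow src=10.0.0.12 dst=mail.deeptrans.com.tr dport=587 proto=tcp
2024-04-29T10:15:09Z action=allow src=10.0.0.7 dst=smtp.office365.com dport=587 proto=tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+.*?\bsrc=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
)


def digests(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the reported sample under any of the three algorithms."""
    d = digests(data)
    return any(d[alg] == SAMPLE_HASHES[alg] for alg in SAMPLE_HASHES)


def has_decoy_double_extension(filename: str) -> bool:
    """Flag names like 'quote.xlsx.exe': an executable disguised with a document extension."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[2] == "exe" and "." + parts[1] in DECOY_EXTENSIONS


def find_exfil_connections(log: str) -> List[dict]:
    """Return log records whose destination is the report's SMTP exfil host AND port.

    Matching on host alone would also catch legitimate traffic to that mail server,
    and matching on 587 alone would catch every mail client; both are required.
    """
    hits = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if m["dst"].lower() == EXFIL_HOST and int(m["dport"]) == EXFIL_PORT:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "dport": int(m["dport"])})
    return hits


if __name__ == "__main__":
    for hit in find_exfil_connections(CONSTRUCTED_LOG):
        print(f"exfil candidate: {hit['ts']} {hit['src']} -> {hit['dst']}:{hit['dport']}")
    lure = "YILMAZKIMYA - Turkey _Fiyat teklif 0058118592 - VANTUZ.xlsx.exe"
    print("double extension:", has_decoy_double_extension(lure))
```

The log matcher assumes hostnames are visible in the log (proxy, DNS-enriched firewall, or Zeek `ssl`/`dns` correlation); a plain connection log with only IPs needs the host resolved first. Because the mail server is a third-party domain that may also carry legitimate traffic, treat a host+port hit as a triage lead and confirm it against the process that made the connection.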
Targets
Target: YILMAZKIMYA - Turkey _Fiyat teklif 0058118592 - VANTUZ.xlsx.exe
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET; the SMTP credentials in the extracted config above are its channel for exfiltrating stolen credentials and keystrokes.
- Detect ZGRat V1
- Adds Run key to start application (persistence through a registry Run key)
- Suspicious use of SetThreadContext (typical of process hollowing or injection into a suspended process; the behavioral tasks should be checked for which process the payload is written into)