Extracted

• • Target

    TEKLİF TALEP VE FİYAT TEKLİFİ‮s؜x؜l؜x؜..exe

  • Size

    2.5MB

  • MD5

    943b8ec27c9e3997239b317f081ec3e4

  • SHA1

    c5d9639dfbda1c3fec0f7e7ff9c27790074c0009

  • SHA256

    09ec4ca4e05a633b0a8114607cc08fd062348051d17f745d483cc3646279722b

  • SHA512

    7eaf696ca9448de6363903749ef5d3fdb396190b656e8e87f4874a2a00ad19cd5725b072e1514dd90c4ff73eea590629b4e82b5fc084233aba4c44fbde7db490

  • SSDEEP

    49152:ZP6hSrcCPT0J5Lg31+mYGnKDkTXzTnSPb:iujmmYGnKDkTzTno

  Score

  10^/10

  agentteslakeyloggerpersistencespywarestealertrojan

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla

  • Detect packed .NET executables. Mostly AgentTeslaV4.

  • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

  • Detects executables referencing Windows vault credential objects. Observed in infostealers

  • Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers

  • Detects executables referencing many email and collaboration clients. Observed in information stealers

  • Detects executables referencing many file transfer clients. Observed in information stealers

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2