General
Target: CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe
Size: 731KB
Sample: 240618-qszwnavhnh
MD5: 13fd9af2cbde45ff5d165a7a0453b32b
SHA1: 8d2123d6b05840cd829fe70a67e7fb18f070b669
SHA256: 306fdd40e13ae0d873d6faca343142b9b487b6b6be4db2dda48b6ed886e6e349
SHA512: 6789fb3aeb2d018fd3db4d4bc588f69a3208b9b4f91f662c80b9f278130a82a9f4f4d44000a4d235204ae8ccd949b2afa805e62a7a653ac99db1e022d223b47e
SSDEEP: 12288:njdXtfETFa1IxLAvSPKyDRvjaIPAFrM6h9r4in440fJEuRLVSbE261:jd92A1IxkvSPDwr59Bn440GuRLVj
Static task: static1
Behavioral task: behavioral1
  Sample: CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted (agenttesla)
  Protocol: ftp
  Host: ftp://ftp.normagroup.com.tr
  Port: 21
  Username: [email protected]
  Password: Qb.X[.j.Yfm[
Extracted
  Protocol: ftp
  Host: ftp.normagroup.com.tr
  Port: 21
  Username: [email protected]
  Password: Qb.X[.j.Yfm[
Targets
Target: CN-Invoice-0945413571-XXXXX6856-2312053735707600000.exe
Score: 10/10
Signatures:
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Suspicious use of SetThreadContext