General

  • Target

    hesaphareketi-01.exe

  • Size

    2.3MB

  • Sample

    240618-xmhhravbpd

  • MD5

    a2f3b683ef9cede019ed5045ef6b66fb

  • SHA1

    2ec559176c76ea033f9bf9fbffa0c348fe47cda7

  • SHA256

    4f46bb9daf64768d2e348cea9b2b5381c056beafa9e7932b9c3e38349b38dcbf

  • SHA512

    0f190e90ebc373fa4295e70d72891c108a17c0ed8b847b8ebfbd1c6eebd862fe28c1dc3ce25875b8022bc764a149a9d61e3f5470953ec67b6164b64beab65735

  • SSDEEP

    24576:6BigWOZM621xzM99FLCzvE1sFLD6UcDDnmL:6B/WOZMVxzCLcc1xb3s

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.tekserendustriyel.com
  • Port: 21
  • Username: [email protected]
  • Password: chuzy2024@

Targets

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in Visual Basic.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks