General
-
Target
hesaphareketi-01.exe
-
Size
2.3MB
-
Sample
240618-xmhhravbpd
-
MD5
a2f3b683ef9cede019ed5045ef6b66fb
-
SHA1
2ec559176c76ea033f9bf9fbffa0c348fe47cda7
-
SHA256
4f46bb9daf64768d2e348cea9b2b5381c056beafa9e7932b9c3e38349b38dcbf
-
SHA512
0f190e90ebc373fa4295e70d72891c108a17c0ed8b847b8ebfbd1c6eebd862fe28c1dc3ce25875b8022bc764a149a9d61e3f5470953ec67b6164b64beab65735
-
SSDEEP
24576:6BigWOZM621xzM99FLCzvE1sFLD6UcDDnmL:6B/WOZMVxzCLcc1xb3s
Static task
static1
Behavioral task
behavioral1
Sample
hesaphareketi-01.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
hesaphareketi-01.exe
Resource
win10v2004-20240611-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.tekserendustriyel.com
Port: 21
Username: [email protected]
Password: chuzy2024@
The recovered FTP host, account and password are the operator's exfiltration channel; treat them as indicators to block and hunt on, not as something to connect to.
Targets
-
Target
hesaphareketi-01.exe
-
Size
2.3MB
-
MD5
a2f3b683ef9cede019ed5045ef6b66fb
-
SHA1
2ec559176c76ea033f9bf9fbffa0c348fe47cda7
-
SHA256
4f46bb9daf64768d2e348cea9b2b5381c056beafa9e7932b9c3e38349b38dcbf
-
SHA512
0f190e90ebc373fa4295e70d72891c108a17c0ed8b847b8ebfbd1c6eebd862fe28c1dc3ce25875b8022bc764a149a9d61e3f5470953ec67b6164b64beab65735
-
SSDEEP
24576:6BigWOZM621xzM99FLCzvE1sFLD6UcDDnmL:6B/WOZMVxzCLcc1xb3s
Score
10/10
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer; the FTP account in the extracted config above is the channel it uses to upload stolen data.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
SetThreadContext is rarely called by ordinary applications. In this family it usually indicates process hollowing: the sample starts a legitimate process suspended, writes its payload into that process, and resets the main thread's context to the new entry point before resuming it, so the stealer runs under a benign-looking image name.
-
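The two behaviours the report flags, an external IP lookup followed by FTP exfiltration to the extracted host, are individually noisy but together make a usable detection. The following is an added example, not part of the sandbox report or the Agent Tesla family: it parses the extracted config text into a structured object and then correlates it against network-connection telemetry, alerting only when the same process contacts an IP-lookup service and then the configured exfil host and port within a short window. The set of IP-lookup hostnames and the Sysmon-style connection events are assumptions constructed for the example; only the config text is taken from the report.

```python
"""Correlate an extracted Agent Tesla FTP config with host network telemetry."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Config text copied from the sandbox report above (the only real data here).
CONFIG_TEXT = """\
Protocol: ftp
Host: ftp://ftp.tekserendustriyel.com
Port: 21
Username: [email protected]
Password: chuzy2024@
"""

# Assumed list of public IP-lookup services; the report only says that
# "a legitimate IP lookup service" was used, it does not name one.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}


@dataclass(frozen=True)
class ExfilConfig:
    protocol: str
    host: str
    port: int
    username: str
    password: str


def parse_config(text: str) -> ExfilConfig:
    """Parse 'Key: value' lines; the host may be a bare name or a URL."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1).lower()] = m.group(2)
    host = fields["host"]
    if "://" in host:
        host = urlparse(host).hostname or host  # strip scheme from ftp://...
    return ExfilConfig(fields["protocol"].lower(), host, int(fields["port"]),
                       fields["username"], fields["password"])


# Constructed telemetry in the shape of Sysmon Event ID 3 (network connect):
# (timestamp, pid, image, destination host, destination port). Not from the report.
EVENTS = [
    (1718700001, 4120, "hesaphareketi-01.exe", "api.ipify.org", 443),
    (1718700004, 4120, "hesaphareketi-01.exe", "ftp.tekserendustriyel.com", 21),
    (1718700007, 2288, "chrome.exe", "api.ipify.org", 443),           # lookup only
    (1718700020, 5000, "filezilla.exe", "ftp.tekserendustriyel.com", 21),  # FTP only
    (1718700100, 4120, "hesaphareketi-01.exe", "ftp.tekserendustriyel.com", 21),
]


def find_exfil_candidates(events, cfg: ExfilConfig, window: int = 300):
    """Return (pid, image, ts) for every connection to the configured exfil
    host:port made by a process that hit an IP-lookup service within the
    preceding `window` seconds. Either event alone is common; the pairing
    in one process is the signal."""
    last_lookup = {}  # pid -> timestamp of most recent IP-lookup connection
    hits = []
    for ts, pid, image, dst, port in sorted(events):
        if dst in IP_LOOKUP_HOSTS:
            last_lookup[pid] = ts
        elif dst == cfg.host and port == cfg.port:
            t0 = last_lookup.get(pid)
            if t0 is not None and ts - t0 <= window:
                hits.append((pid, image, ts))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for pid, image, ts in find_exfil_candidates(EVENTS, cfg):
        print(f"ALERT pid={pid} image={image} ts={ts} -> {cfg.host}:{cfg.port}")
```

In the constructed events, chrome.exe only performs the lookup and filezilla.exe only talks FTP, so neither alerts; the sample's two FTP connections do, because the same process queried api.ipify.org first. In production the hostname match should be extended to the resolved IP and the extracted username should be matched in FTP command logs (the USER command is sent in clear text on port 21), which catches renamed or re-packed builds that keep the same drop account.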