General
-
Target
19-03-2024_Takas_Sonuclari.exe
-
Size
337KB
-
Sample
240625-kr7l8ashnm
-
MD5
b65d3c7ac46abf5afc9d896a92623630
-
SHA1
03f705926c035da55ec11eaa49aa8b4715d592b3
-
SHA256
0a6adfbe763ffb4662be545f5fbeeb8df314e64aa5b8a389e1800368e07904f7
-
SHA512
79b20ac6bc19ef427c03dd120e6cdfe26a6db9841c395706634e30815c88a6009e32a2144eedf69b0fb4e6b5aeecb00a9e7aec48c4e2dffee8b3ef0482ec2167
-
SSDEEP
6144:qJ3YMkZeKAXMXde7CV/f8yXnTPe11ZPKi:qmMQ1db3bzek
Static task
static1
Behavioral task
behavioral1
Sample
19-03-2024_Takas_Sonuclari.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
19-03-2024_Takas_Sonuclari.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.normagroup.com.tr - Port:
21 - Username:
[email protected] - Password:
$%M4,p)]vd1=
Targets
-
-
Target
19-03-2024_Takas_Sonuclari.exe
-
Size
337KB
-
MD5
b65d3c7ac46abf5afc9d896a92623630
-
SHA1
03f705926c035da55ec11eaa49aa8b4715d592b3
-
SHA256
0a6adfbe763ffb4662be545f5fbeeb8df314e64aa5b8a389e1800368e07904f7
-
SHA512
79b20ac6bc19ef427c03dd120e6cdfe26a6db9841c395706634e30815c88a6009e32a2144eedf69b0fb4e6b5aeecb00a9e7aec48c4e2dffee8b3ef0482ec2167
-
SSDEEP
6144:qJ3YMkZeKAXMXde7CV/f8yXnTPe11ZPKi:qmMQ1db3bzek
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Suspicious use of SetThreadContext
-