General
Target: __DEME ONAY KOPYASI.rar
Size: 784KB
Sample: 240923-sml4qazbrq
MD5: 6a39443167db29ab21c9982aa2d46c2e
SHA1: 1d8205694d8d48799babda04bbad2af2b2511347
SHA256: b03e9f1aab55b8e212f519af44b29b548a5879f0cc172c9f6657119afe81804d
SHA512: e5e538405bbf25e05f80ddeea260ea6bddc0b3e2470ce214cfef968b5a57a7fe34f200f539169c333fefce46cfe0e5e13b3d245ab6550f7007dd6ba923ea7535
SSDEEP: 24576:lU+Q7KyXetuBLWGoVbwvVwUuxaC5jwuLXD:lU19vgGoUVHZCpXD
Static task: static1
Behavioral task: behavioral1
Sample: ÖDEME ONAY KOPYASI.exe
Resource: win7-20240903-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://backup.smartape.ru
Port: 21
Username: user894492
Password: w6NZOdcSkH1a
Targets
Target: ÖDEME ONAY KOPYASI.exe
Size: 1.1MB
MD5: 83b1f23037750513f77d68b3d6b56575
SHA1: 660815603e6f1782cda28d2e3b834cfa5e0f5e91
SHA256: 199e1154aa99f9c8314ddbcf187ab911a34346133d0d3d19cdba9663187da120
SHA512: 91562ddefe9a256c3e630b979c3bbd01feadd54e48cc828ab18cbad2255bcc8ffcb91783cc1c87eadbbb8d17bde19f99afb5b308f14252e0436059cc42e3ecee
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaCBUtBznEtS1c16WxG5:7JZoQrbTFZY1iaCBUt1E+35
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Suspicious use of SetThreadContext