General
Target: aa67393675b5dce00769189cf78c56add8199054a13e5542e3ac784356543057
Size: 640KB
Sample: 241114-rc9atszgqc
MD5: f1b2646829c23e5092b10b2a8c32c98b
SHA1: c0cfd8860f965859f545401c64bd85f5878c8e6e
SHA256: aa67393675b5dce00769189cf78c56add8199054a13e5542e3ac784356543057
SHA512: 0f01b4f621dbc3ddb13ea1d2b516a00961c4b5c83aea59e0527f8dd5cdc02dab06bcdc1f12f8dd9a346815f88f724f88a0ca9c030f35127e6ffe4df1544609b3
SSDEEP: 12288:zzCMzTEolPhAv3ffqW0MY8nXDWIix+gFLK8HUesVQCH2No7sOzCOGErP:zHlPhASTExXg08HUesJICsOmO3z
Static task: static1
Behavioral task: behavioral1
Sample: 13.11.2024 Dönemi MEVDUAT Ekstre Bilgileri.exe
Resource: win7-20240903-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: CCu5Z?WuH+bS4hsz
Email To: [email protected]
Extracted
Protocol: smtp
Host: mail.apexrnun.com
Port: 587
Username: [email protected]
Password: CCu5Z?WuH+bS4hsz
Targets
Target: 13.11.2024 Dönemi MEVDUAT Ekstre Bilgileri.exe
Size: 744KB
MD5: 520a262f80cf02e30659bc426ba7c170
SHA1: e310439406536997b929f5efa687e54e9464f2f1
SHA256: e906e21afae36935bb736db8fa0373c88f2988cd5c8c3e8a646e41eaa449ac6f
SHA512: d6c4d7a1e3df4d2a640996231436550c86f6026783fe4c499ecc676e5fe838a48cc6321194c3deb92d8ecdedfb4603c66748e84d492bdbcdd169bb2b696e999d
SSDEEP: 12288:f43aCm25qFwzm/OXeDWIiH+UVFKuHwesVOCH2No7sTVBXSryCJVM5:wX56Gm/oexRUauHwesXICgCJVe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (4)
Credentials In Files (3)
Credentials in Registry (1)