agenttesla

General

Target

68__alma_Sipari_i_Spesifikasyonu.zip
Size

2.9MB
Sample

250403-kjypcas1gx
MD5

a38fb31dd89ca1cd73997b2001fb9a2f
SHA1

282fc6826169df89a9095990c78e22680e22c599
SHA256

9fd19dc2cf698d99f77f584daf924f1e5aa5081be879ede156a33316f9ca8baf
SHA512

8a4d3d394a24efdecf85b0ad1dd214a9c7daec54ee13e3a5715c1f943ea2dde0654a72c3043c645c482425f33f9a80d3e00f42bae4c10d2aef3646fedc69c9f6
SSDEEP

49152:pMCUsL+tY1bInUxaxJMhStR8MuBjUGatz6uxkSZd7Az/DiCJ8RxsPTnI7ly7nX:CnsL+obInUI08f8TItz7xhZd7AzbDJ84

Score

10^/10

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot7727146830:AAHPH5G1BgMzNy35r8HXC1DXB8AIv-I_4cA/

Targets

- Target
  
  Satınalma Siparişi Spesifikasyonu.exe
- Size
  
  55KB
- MD5
  
  cf3730065ea41e334dd1c0cd9a9e645f
- SHA1
  
  ca0ade25c36cd37a3dea4c8baf1e572622b96ee8
- SHA256
  
  b04ea3c83515c3daf2de76c18e72cb87c0772746ec7369acce8212891d0d8997
- SHA512
  
  63d5cc1d90d9ef97fc856b0b7cd8b6c4ebedaf2248b85c1f4754b4ace9ef5f9bbdfbaf32df2f6a92527334e3dc4fafa3a57d3df7242e31a6dea6ef919a82e06a
- SSDEEP
  
  768:GhrxNIkm1OegISRP5RHKl9tI5rMJSPcY0ur8b64W/iIAjSHWUF34BYixxR62E1:IxmkVgqRIe5QcPcHur8iGj+WUFIB7XYz
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  edit.dll
- Size
  
  6.3MB
- MD5
  
  4e579141c090b55f8fcfac304bcba923
- SHA1
  
  69f39a145cc4c99d9e1861b53684c7b3144fff13
- SHA256
  
  85c2a2e3ee850092e4eb62f7f08165bc4883cd36c30b31dc63b57ccbf5f83fbb
- SHA512
  
  7223f8891e800c6c2e64ef6b939d7d4aa54ed3efe41f414b72b04ab14abac0a53d77a9bba3caf73b0b34287fcd79d25fce204a4cfd4f2986ae1708fa605ebd32
- SSDEEP
  
  49152:6jI+/FaA3QOruUbRvAV+g16jzDHvAeOMSoSkW0Ly2lUhNT8298T0w4YcUiImewIh:peNrulq0ov8n90HoIC2D/Gx9q
Score

10^/10

agenttesla discovery keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  mscorlib.dll
- Size
  
  237KB
- MD5
  
  8756e19c13e3efaef79169b1c3abd36b
- SHA1
  
  3d0b67135f01533268f0f8928ea11378ca2534ca
- SHA256
  
  2e2248ad1e6d57d1e40a5a67e203ad5644e30aeeb89e318995636be740eaee04
- SHA512
  
  88089a19e5dc801a3f605e318894c28367d3348b331aebeae95984b80f29c59365a3be42959c71fec11215f6bb40fae96ac3032f688bc80399fa2eac5de3da9a
- SSDEEP
  
  3072:H3+l7h+CuSWCWz/vgn2EITYU5uQqXc3xgPPfCU57lUqI9oH1d:X+l7UCuSWCY/vgn2EITYU5k5PaKUqua
Score

1^/10
behavioral3