General
  Target: 68__alma_Sipari_i_Spesifikasyonu.zip
  Size: 2.9MB
  Sample: 250403-kjypcas1gx
  MD5: a38fb31dd89ca1cd73997b2001fb9a2f
  SHA1: 282fc6826169df89a9095990c78e22680e22c599
  SHA256: 9fd19dc2cf698d99f77f584daf924f1e5aa5081be879ede156a33316f9ca8baf
  SHA512: 8a4d3d394a24efdecf85b0ad1dd214a9c7daec54ee13e3a5715c1f943ea2dde0654a72c3043c645c482425f33f9a80d3e00f42bae4c10d2aef3646fedc69c9f6
  SSDEEP: 49152:pMCUsL+tY1bInUxaxJMhStR8MuBjUGatz6uxkSZd7Az/DiCJ8RxsPTnI7ly7nX:CnsL+obInUI08f8TItz7xhZd7AzbDJ84
Behavioral tasks
  behavioral1
    Sample: Satınalma Siparişi Spesifikasyonu.exe
    Resource: win10v2004-20250314-en
  behavioral2
    Sample: edit.dll
    Resource: win10v2004-20250313-en
  behavioral3
    Sample: mscorlib.dll
    Resource: win10v2004-20250313-en
Malware Config
  Extracted: agenttesla
    https://api.telegram.org/bot7727146830:AAHPH5G1BgMzNy35r8HXC1DXB8AIv-I_4cA/
Targets
  Target: Satınalma Siparişi Spesifikasyonu.exe
  Size: 55KB
  MD5: cf3730065ea41e334dd1c0cd9a9e645f
  SHA1: ca0ade25c36cd37a3dea4c8baf1e572622b96ee8
  SHA256: b04ea3c83515c3daf2de76c18e72cb87c0772746ec7369acce8212891d0d8997
  SHA512: 63d5cc1d90d9ef97fc856b0b7cd8b6c4ebedaf2248b85c1f4754b4ace9ef5f9bbdfbaf32df2f6a92527334e3dc4fafa3a57d3df7242e31a6dea6ef919a82e06a
  SSDEEP: 768:GhrxNIkm1OegISRP5RHKl9tI5rMJSPcY0ur8b64W/iIAjSHWUF34BYixxR62E1:IxmkVgqRIe5QcPcHur8iGj+WUFIB7XYz
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Agenttesla family
  - Adds Run key to start application
  - Suspicious use of SetThreadContext

  Target: edit.dll
  Size: 6.3MB
  MD5: 4e579141c090b55f8fcfac304bcba923
  SHA1: 69f39a145cc4c99d9e1861b53684c7b3144fff13
  SHA256: 85c2a2e3ee850092e4eb62f7f08165bc4883cd36c30b31dc63b57ccbf5f83fbb
  SHA512: 7223f8891e800c6c2e64ef6b939d7d4aa54ed3efe41f414b72b04ab14abac0a53d77a9bba3caf73b0b34287fcd79d25fce204a4cfd4f2986ae1708fa605ebd32
  SSDEEP: 49152:6jI+/FaA3QOruUbRvAV+g16jzDHvAeOMSoSkW0Ly2lUhNT8298T0w4YcUiImewIh:peNrulq0ov8n90HoIC2D/Gx9q
  - AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
  - Agenttesla family
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext

  Target: mscorlib.dll
  Size: 237KB
  MD5: 8756e19c13e3efaef79169b1c3abd36b
  SHA1: 3d0b67135f01533268f0f8928ea11378ca2534ca
  SHA256: 2e2248ad1e6d57d1e40a5a67e203ad5644e30aeeb89e318995636be740eaee04
  SHA512: 88089a19e5dc801a3f605e318894c28367d3348b331aebeae95984b80f29c59365a3be42959c71fec11215f6bb40fae96ac3032f688bc80399fa2eac5de3da9a
  SSDEEP: 3072:H3+l7h+CuSWCWz/vgn2EITYU5uQqXc3xgPPfCU57lUqI9oH1d:X+l7UCuSWCY/vgn2EITYU5k5PaKUqua
  Score: 1/10