General
-
Target
hesaphareketi_21_04_2025_500kb pdf________________________________________________________________________pdf__.exe
-
Size
960KB
-
Sample
250423-jz41mawjs5
-
MD5
c8f00111484803164ab38916b974c798
-
SHA1
9c377ed61e4a6d67fa8dbd795963187f95163864
-
SHA256
5271c1a2883919c00e117de2efd6832ebbac3faf78dd2bf79641a550dd244398
-
SHA512
b2694e1a69ac71a85c0b39e844a6a777e7742014746deee9d159b8939f80953a2d43299790e999752ff03c72309729ebc59b49fcdb62d547a18c8760cc451047
-
SSDEEP
24576:BWpdJWzqmms8WSX5KVTWzkFCDFKS/EHy9Ls9hu8l0M:GHGfmsvw4wzNZJGy9L8hjl0
Malware Config
Extracted
Protocol: ftp- Host:
ftp.dorasanat.com.tr - Port:
21 - Username:
[email protected] - Password:
#9e{{YWsO?~I
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.dorasanat.com.tr - Port:
21 - Username:
[email protected] - Password:
#9e{{YWsO?~I
Targets
-
-
Target
hesaphareketi_21_04_2025_500kb pdf________________________________________________________________________pdf__.exe
-
Size
960KB
-
MD5
c8f00111484803164ab38916b974c798
-
SHA1
9c377ed61e4a6d67fa8dbd795963187f95163864
-
SHA256
5271c1a2883919c00e117de2efd6832ebbac3faf78dd2bf79641a550dd244398
-
SHA512
b2694e1a69ac71a85c0b39e844a6a777e7742014746deee9d159b8939f80953a2d43299790e999752ff03c72309729ebc59b49fcdb62d547a18c8760cc451047
-
SSDEEP
24576:BWpdJWzqmms8WSX5KVTWzkFCDFKS/EHy9Ls9hu8l0M:GHGfmsvw4wzNZJGy9L8hjl0
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-