General
Target: 30.06.2020 Account Ekstre Bilgileri.exe
Size: 478KB
Sample: 200630-zqv2cys2se
MD5: 540c76cbc3e64619e28d0a65f509d328
SHA1: 57cb9704a67a7325e881d66cad206c31d52cd06b
SHA256: ef3cc252a620298fe8af185c7648888f992ac6cf8d7c299b8abe97b299533633
SHA512: 2c753fd248d3b338542cc3d30acfc36d75537f4567bd275945df29562cd26c7aee4be8eee211cba61edaea6dcf4eaafb4641cfeac44fedfe2e12e6c176849b15
Static task: static1
Behavioral task: behavioral1 (sample: 30.06.2020 Account Ekstre Bilgileri.exe; resource: win7v200430)
Behavioral task: behavioral2 (sample: 30.06.2020 Account Ekstre Bilgileri.exe; resource: win10)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.ereglitso.org.tr
Port: 587
Username: hulya.torum@ereglitso.org.tr
Password: =itbvqD+KGPp
Targets
Target: 30.06.2020 Account Ekstre Bilgileri.exe
Size: 478KB
Score: 10/10
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer (originally written in Visual Basic .NET). This sample is configured to exfiltrate over SMTP using the mailbox credentials in the extracted config above.
AgentTesla Payload
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla, where saved sites and credentials are kept.
- Reads user/profile data of local email clients: email clients store account data on disk, where infostealers routinely target it.
- Reads user/profile data of web browsers: infostealers target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: setting the thread context of another process is the step process-hollowing injectors use to redirect a suspended process to the injected payload; the sandbox flags it as suspicious rather than confirming the injection technique.
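The three "reads user/profile data" signatures above describe the same behaviour: one process touching credential stores belonging to several unrelated products. The detector below is an added example (not Triage's signature logic and not code from the sample); it runs over a constructed list of file-access events in a simple "pid,image,path" form and flags a process that reads stores from two or more product categories. The file locations are the products' real default paths; the category names, the event format, the `scan`/`classify_path` functions and the sample events are this example's own assumptions.

```python
import re
from collections import defaultdict

# Default on-disk credential stores of the products the signatures mention.
# The locations are the products' real defaults; the category names and the
# detector itself are this example's own (hypothetical), not Triage's.
CREDENTIAL_STORES = {
    "ftp_client": [
        r"\\FileZilla\\sitemanager\.xml$",
        r"\\FileZilla\\recentservers\.xml$",
    ],
    "email_client": [
        r"\\Thunderbird\\Profiles\\[^\\]+\\logins\.json$",
        r"\\Thunderbird\\Profiles\\[^\\]+\\key4\.db$",
    ],
    "browser": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$",
        r"\\Microsoft\\Edge\\User Data\\[^\\]+\\Login Data$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\logins\.json$",
    ],
}
_COMPILED = {
    category: [re.compile(p, re.IGNORECASE) for p in patterns]
    for category, patterns in CREDENTIAL_STORES.items()
}

# Constructed file-read events (not a real capture): pid,image,path.
EVENTS = r"""
# pid,image,path  (constructed sample)
4120,C:\Users\victim\Downloads\30.06.2020 Account Ekstre Bilgileri.exe,C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml
4120,C:\Users\victim\Downloads\30.06.2020 Account Ekstre Bilgileri.exe,C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml
4120,C:\Users\victim\Downloads\30.06.2020 Account Ekstre Bilgileri.exe,C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\k3x9q2.default\logins.json
4120,C:\Users\victim\Downloads\30.06.2020 Account Ekstre Bilgileri.exe,C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
4120,C:\Users\victim\Downloads\30.06.2020 Account Ekstre Bilgileri.exe,C:\Users\victim\AppData\Roaming\Microsoft\Windows\Recent\report.lnk
2208,C:\Program Files\FileZilla FTP Client\filezilla.exe,C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml
3316,C:\Program Files\Google\Chrome\Application\chrome.exe,C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
"""

EVENT_RE = re.compile(r"^(?P<pid>\d+),(?P<image>[^,]+),(?P<path>.+)$")


def classify_path(path):
    """Return the credential-store category a path belongs to, or None."""
    for category, patterns in _COMPILED.items():
        if any(p.search(path) for p in patterns):
            return category
    return None


def parse_events(text):
    """Yield (pid, image, path) tuples; skips blank and comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = EVENT_RE.match(line)
        if m:
            yield int(m["pid"]), m["image"], m["path"]


def scan(text, min_categories=2):
    """Flag processes that read credential stores from >= min_categories
    product categories. A single category alone is what the legitimate owner
    (FileZilla, Chrome) does with its own files; touching several is the
    infostealer pattern the sandbox signatures describe."""
    touched = defaultdict(lambda: {"image": None, "categories": set(), "paths": []})
    for pid, image, path in parse_events(text):
        category = classify_path(path)
        if category is None:
            continue
        rec = touched[pid]
        rec["image"] = image
        rec["categories"].add(category)
        rec["paths"].append(path)
    alerts = []
    for pid, rec in sorted(touched.items()):
        if len(rec["categories"]) >= min_categories:
            alerts.append({
                "pid": pid,
                "image": rec["image"],
                "categories": sorted(rec["categories"]),
                "paths": rec["paths"],
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(EVENTS):
        print(f"pid {alert['pid']} {alert['image']}: {', '.join(alert['categories'])}")
        for p in alert["paths"]:
            print("   ", p)
```

With the constructed events only pid 4120 (the sample) is reported: it touched FTP-client, email-client and browser stores, while filezilla.exe and chrome.exe each touched only their own store and stay below the threshold. In production the events would have to come from EDR file-read telemetry; Sysmon records file creation but not reads, so this logic is not expressible as a Sysmon rule on its own.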