Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

Conferma d...79.exe

windows7-x64

10

Conferma d...79.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Conferma di pagamento 11042022 0039995866 567785687979.gz

  • Size

    763KB

  • Sample

    221104-w8b3eshgf9

  • MD5

    a66b9092097d9335e9be7ecb6e2255d7

  • SHA1

    c4865a51f0b1a8bbeedeb16094d83a59476fa03e

  • SHA256

    e026c3500e5f119b24365a155badf2f3ee1fafb9664db2729ab04733b9110599

  • SHA512

    238a828986a8c000e3c2fb09cc04a30b580279b5d5545aab976560c4128b46848276d669d4f303ba8fc02ee92d399c0a6c3797deaab0c168ae8fa37bb85bbdad

  • SSDEEP

    12288:yOucvR2B/0ghq6m2oTXzIT8R5OiZB4ZHHziKZptHug8uV/vTuhbqujA0EsG4kQ3r:VucvR2bhqJHET8R5Oi8ZHH2K58uqFquf

Score
10/10
agentteslacollectionkeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.mgcpakistan.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    boygirl123456

Targets

    • Target

      Conferma di pagamento 11042022 0039995866 567785687979.exe

    • Size

      1022KB

    • MD5

      936a3a2a3a3b00b10c23ced7360ed9d7

    • SHA1

      4314a75a88df33e5d25663acbbeedb66bbcfe808

    • SHA256

      b2d2e3a6a8a80da11ebbab727216140a5f68243136c8da4c31cefdfdc4669253

    • SHA512

      593d12e971320360ec07451d1e11547e615f5ea31e885758954255890f7dcc0ceee19808b099347e2c6a2cec8feadd31c424520cb51f2179b20bb7d941be78ed

    • SSDEEP

      24576:svt27hqJx8T6RLOKQZHJQiV8KcFK0DKDsGYy8TAqbD:sYNqcTeOKQZpzGDfTD

    Score
    10/10
    agentteslacollectionkeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks