Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Credit Note.pdf.exe
-
Size
567KB
-
Sample
230208-kv19lshc7z
-
MD5
75e1d17c8431d6b7d840fcdfe0dd9a2d
-
SHA1
3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068
-
SHA256
efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758
-
SHA512
f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777
-
SSDEEP
12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ppecindia.com - Port:
587 - Username:
[email protected] - Password:
accounts@123$ - Email To:
[email protected]
Targets
-
-
Target
Credit Note.pdf.exe
-
Size
567KB
-
MD5
75e1d17c8431d6b7d840fcdfe0dd9a2d
-
SHA1
3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068
-
SHA256
efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758
-
SHA512
f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777
-
SSDEEP
12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-