Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
DHL Original Documents.exe
-
Size
1.5MB
-
Sample
230214-w2ly2sef5x
-
MD5
37db5181e973d4d7f9c44ff2a2b80f01
-
SHA1
1e4d62ddeb63fb6402efa812c59ab3a787282d6f
-
SHA256
27d3d5fe5fba171eb2244f07692441be38c7308507b446977a377bff17bb5904
-
SHA512
2bad9e74c49d5715b5438c0facaa81493c167f3b311c9a1f1ce7d8f0ea70d1f09d0e49ebfa56cf220bc5bb4546f050875e0bb8e76bd680e226b74480835ec7a9
-
SSDEEP
24576:+fFQddjdaB8OWqN0ujXGEJUuLp2avBh4kUaOY7zEGOmth0tgo5fnv/:+tiG8OjqujXx/LgavBSkUI7yuh0tgk/
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.aficofilters.com.eg - Port:
587 - Username:
[email protected] - Password:
mhds@852 - Email To:
[email protected]
Targets
-
-
Target
DHL Original Documents.exe
-
Size
1.5MB
-
MD5
37db5181e973d4d7f9c44ff2a2b80f01
-
SHA1
1e4d62ddeb63fb6402efa812c59ab3a787282d6f
-
SHA256
27d3d5fe5fba171eb2244f07692441be38c7308507b446977a377bff17bb5904
-
SHA512
2bad9e74c49d5715b5438c0facaa81493c167f3b311c9a1f1ce7d8f0ea70d1f09d0e49ebfa56cf220bc5bb4546f050875e0bb8e76bd680e226b74480835ec7a9
-
SSDEEP
24576:+fFQddjdaB8OWqN0ujXGEJUuLp2avBh4kUaOY7zEGOmth0tgo5fnv/:+tiG8OjqujXx/LgavBSkUI7yuh0tgk/
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Detect rhadamanthys stealer shellcode
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-