General
Target: SOA.r17.rar
Size: 875KB
Sample: 230316-pg6z6aag39
MD5: 90e2482a519ec2d02a4db4888b3193bb
SHA1: 26d8069271885576e27aa5b5fc24220056b6a1a3
SHA256: 09598204779ca795f90a8d2a67d000a0e5114f39dadecbac9876708411a66be2
SHA512: a74d7fc69e2bcfb1d179b41ffe022db9c293cf8b7e3ee024936c23f91ad2bb761ac613c351c42105a663bcdad89dc816b1cf348887db880caf500b979ddd2a11
SSDEEP: 24576:EnSjIDYviBMvISebmDS8ZLmpJAy+Ua2HpR43sgKov:xjBwsISk8ZivAbUH743f5
Static task: static1
Behavioral task: behavioral1 (Sample: SOA.exe, Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: SOA.exe, Resource: win10v2004-20230220-en)
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.exceltruea.com
Port: 587
Username: [email protected]
Password: bl es si ng 2 0 2 3
Email To: [email protected]
Targets
Target: SOA.exe
Size: 1018KB
MD5: 4c42eddf8e0b591f17f32228fbf97ac0
SHA1: 7bddcb37e6545407223afe3cc708e2675784686c
SHA256: 49b6270664cf79165e32c67e4bfdbc258ffe55bbc7e56475918e4760172bcf49
SHA512: 69fd997c0b89e38806dba26aa9582c341c40bd5520d752e9987317ef3d3fa7485700aa4e7be8680d11ddc9ca99bb87ab2c770e0f2c61f281d8993d7153c1734b
SSDEEP: 24576:1DM4JTRy4BMOeBkZ0VV1Xk5ghoVeTCXqqDf0S:144FRy4BMZkg25QAlXbgS
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext