Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
-
Size
252KB
-
Sample
230502-phpghaba57
-
MD5
8bbab7418675d72363d03ae209dad5cb
-
SHA1
09b417d68a4dc7bc8463740f89f14e7dc0c76c43
-
SHA256
b6f696764f50b5fddc8204a9b35053da3a097dc54cf8e740635e042bbee0419c
-
SHA512
6a5073a5beaa0f64876bb4f0f2de1a81a09d3b73114673866f817fe2b29a100fa72f58dfcc3f67339b8b1e503a99c9789c37e0800c88cf75c01f380270acfb0f
-
SSDEEP
3072:DefNOSBdA1t90TAaZWm3mG9KRrpU2uTBhlVqUjfwye+POmW++no//M:ZSqzWV2J22WBjVRzNDOTN
Malware Config
Targets
-
-
Target
1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
-
Size
252KB
-
MD5
8bbab7418675d72363d03ae209dad5cb
-
SHA1
09b417d68a4dc7bc8463740f89f14e7dc0c76c43
-
SHA256
b6f696764f50b5fddc8204a9b35053da3a097dc54cf8e740635e042bbee0419c
-
SHA512
6a5073a5beaa0f64876bb4f0f2de1a81a09d3b73114673866f817fe2b29a100fa72f58dfcc3f67339b8b1e503a99c9789c37e0800c88cf75c01f380270acfb0f
-
SSDEEP
3072:DefNOSBdA1t90TAaZWm3mG9KRrpU2uTBhlVqUjfwye+POmW++no//M:ZSqzWV2J22WBjVRzNDOTN
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-