Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2240ffa89dd78ee632e5b3cba2ee1752.bin
-
Size
566KB
-
Sample
230503-bgvegadb92
-
MD5
2240ffa89dd78ee632e5b3cba2ee1752
-
SHA1
20835491982298bedf1548d1e3d2568f0450cd8d
-
SHA256
e8bc1fa2b809ab8be04a697cde6ddd4bad7a9120c60b3793f76d5fcc17d7423e
-
SHA512
0cf7daedee1e3970b1dd77aab3bc981b2214c538380134ce60100650a5744fa5934d58725d670a0cd0a673651ddd7d5750e781fffcfa5972ce47687d8cb7bca3
-
SSDEEP
12288:x3RsoKsa9PwTY81ldzx8T510mftHshrFNvFXcxACYZ:xBQeY81ldCL0zhrjvyACu
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.amwi.net - Port:
587 - Username:
[email protected] - Password:
7_2se8Gr - Email To:
[email protected]
Targets
-
-
Target
2240ffa89dd78ee632e5b3cba2ee1752.bin
-
Size
566KB
-
MD5
2240ffa89dd78ee632e5b3cba2ee1752
-
SHA1
20835491982298bedf1548d1e3d2568f0450cd8d
-
SHA256
e8bc1fa2b809ab8be04a697cde6ddd4bad7a9120c60b3793f76d5fcc17d7423e
-
SHA512
0cf7daedee1e3970b1dd77aab3bc981b2214c538380134ce60100650a5744fa5934d58725d670a0cd0a673651ddd7d5750e781fffcfa5972ce47687d8cb7bca3
-
SSDEEP
12288:x3RsoKsa9PwTY81ldzx8T510mftHshrFNvFXcxACYZ:xBQeY81ldCL0zhrjvyACu
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-