Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
afad92aadebdb6f56095db58259144d8.bin
-
Size
504KB
-
Sample
230504-cbwk1she84
-
MD5
e87f963c447ace45571eb37473913005
-
SHA1
3705fb9b1edb3b1b75ffbfc0f1bae3b6cecf183a
-
SHA256
414a794ce8428105131f7dedca430fcf38c01da4f28d76e670345f80414cc054
-
SHA512
91d3deedbbf6f4ecf058d649d286d0cdce405c17008fc90d6b2717d789f670b455e7961cbbf58daec381532f7c4c4b8d4bd6aae0d58c33e6a65ac6fdb2783d00
-
SSDEEP
12288:yhmUFYFniJPAXdX8lQY2tCmOvCnc1KzZ8FvwsWVh+6J8raNF/w:yhmUFM5dMlQY22iqwsKh+YF4
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
pyyyhreafpwghuxn - Email To:
[email protected]
Targets
-
-
Target
cce03ee9cac9ccbacb587c0fb5426aa0435a9e1278d0d5472ab0ae06139687ed.exe
-
Size
581KB
-
MD5
afad92aadebdb6f56095db58259144d8
-
SHA1
bbb5d8761ede6a1e546fc4ef1475f8dd9f96a281
-
SHA256
cce03ee9cac9ccbacb587c0fb5426aa0435a9e1278d0d5472ab0ae06139687ed
-
SHA512
53c41d584f6d59adadf66fb3d0df61314d956f5f1bf6f178ac66bffa2bc490734fb4f0df86c7a971b5becacb627305e90f47ee2ad58d4dae395dd0b4870a876f
-
SSDEEP
12288:7gZmvFtZnvpXyLnoNScEnURpSL0zBCOcv3Urqxqtx/qcPP76:ImvZnv8LoI3ypSQzBCvvkrqkRm
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-