Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
faf2715b604f9fb6f5774483b2e719220b8dab2d3ac3ced882b991c0220f5a04
-
Size
323KB
-
Sample
230509-g3cdnsgd71
-
MD5
282da519a6b85649d64ec53f9943d4b1
-
SHA1
18b1001d2caf463778507fc16ef290bc5bc04620
-
SHA256
faf2715b604f9fb6f5774483b2e719220b8dab2d3ac3ced882b991c0220f5a04
-
SHA512
c85533c0eba8e369c60a948553e1dd29d7fdd1e7149ea040c3feedaae260bbe9e4f64c144d34b8fd176b7de5eae7597f6c7c2e80871fc28197da992a5341aaa5
-
SSDEEP
6144:/Ya635XwYp7ZepeoEI9AYoaITHp1PDA5qFxKnvRM7hcX5H:/Yl5XwYpcgojrgbLA5sxKn5Msh
Malware Config
Targets
-
-
Target
faf2715b604f9fb6f5774483b2e719220b8dab2d3ac3ced882b991c0220f5a04
-
Size
323KB
-
MD5
282da519a6b85649d64ec53f9943d4b1
-
SHA1
18b1001d2caf463778507fc16ef290bc5bc04620
-
SHA256
faf2715b604f9fb6f5774483b2e719220b8dab2d3ac3ced882b991c0220f5a04
-
SHA512
c85533c0eba8e369c60a948553e1dd29d7fdd1e7149ea040c3feedaae260bbe9e4f64c144d34b8fd176b7de5eae7597f6c7c2e80871fc28197da992a5341aaa5
-
SSDEEP
6144:/Ya635XwYp7ZepeoEI9AYoaITHp1PDA5qFxKnvRM7hcX5H:/Yl5XwYpcgojrgbLA5sxKn5Msh
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-