Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
071BF4F3F134C97AC9F34772D2EB873FC8F2A539B6009D7B914DC4A3B0B7CC48
-
Size
553KB
-
Sample
230518-cfv52shc67
-
MD5
a8dd2c5eab6ae74bdfe84450ea58a0ce
-
SHA1
a2eb77e4a8f383f2f1e7d1ab1a9e1042ae6f1cf3
-
SHA256
071bf4f3f134c97ac9f34772d2eb873fc8f2a539b6009d7b914dc4a3b0b7cc48
-
SHA512
fe2d0296e1e42ff3112e9dd23180f5fcca96bbf3b46f0435cbad5617d282a192603fcfc75eabab94a840d0b281f6af1b5a2ec596169af441d3ce6f214773cb60
-
SSDEEP
12288:pe3o5/nCgU7VCL1p6q6DTjlzG2lpg8b1rrpLT8Fuycokylyy3:peo5/kxCL1gT42lBBrpLQFuydkyUI
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.corpsa.net - Port:
587 - Username:
[email protected] - Password:
[+{mHgVpgTGe - Email To:
[email protected]
Targets
-
-
Target
recibo de pago OC456337.jpg.exe
-
Size
592KB
-
MD5
3461fd2c8482af651b818f61dd049e42
-
SHA1
b4dc69de92f2cf210c615e6ec506d3a1d21aa777
-
SHA256
3a33384b0027c321a9643ba9428d7227aa6b4401e3882f91cc93539590500411
-
SHA512
d18de0295cacc0286b65eb90202b8f0d4cedf233e552c4c13e48b092014ddb2a955203a0d6f8fa080388cd384703c75ad8a029cf1e5378559a5e5ec827655bcc
-
SSDEEP
12288:Cf2iNeUDMY+SnwYmTzsht19PL3MyE+q8IZroJWURe/hN2dVzXYt:Cf1AUDX+RFshbJ8yE+iFoJWEeZN2dxY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-