Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
test.exe
-
Size
734KB
-
Sample
230607-ve4pxadc23
-
MD5
005c45c7069070fe6ad1f112a16f135c
-
SHA1
a023833da6bc0ecbaa674be65bdfd75b0df7b9bb
-
SHA256
fd987d623939a8b69f25a2b8350fb6e76a51e77545add40658fc60f00950d625
-
SHA512
fef81ef730e17f1a71f47c2c75be4f25c31a66f2d372fc4a249546c0234c37034627d070412c0a62c492bdfb9a0d0930e1e9ad9489d6c79642c65d28c8dfeb9e
-
SSDEEP
12288:5XiGDGvPSL84r6h7okw3DmKyhouWMNR5ZcnFzFJ+RsuDv5YQVqsjKx:5XvDGCLbr6h73klHuZ2nFf+RJvuQF4
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5954474519:AAEGnfW1mRvGRxq-zIAvwJfpKEbhLLiqVaM/
Targets
-
-
Target
test.exe
-
Size
734KB
-
MD5
005c45c7069070fe6ad1f112a16f135c
-
SHA1
a023833da6bc0ecbaa674be65bdfd75b0df7b9bb
-
SHA256
fd987d623939a8b69f25a2b8350fb6e76a51e77545add40658fc60f00950d625
-
SHA512
fef81ef730e17f1a71f47c2c75be4f25c31a66f2d372fc4a249546c0234c37034627d070412c0a62c492bdfb9a0d0930e1e9ad9489d6c79642c65d28c8dfeb9e
-
SSDEEP
12288:5XiGDGvPSL84r6h7okw3DmKyhouWMNR5ZcnFzFJ+RsuDv5YQVqsjKx:5XvDGCLbr6h73klHuZ2nFf+RJvuQF4
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-