Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Shipping documents.exe
-
Size
766KB
-
Sample
230613-j1vtcafe36
-
MD5
ab591aaa0e47244fa0c60356f1a78c0d
-
SHA1
0fe71eee757c664b905e99930ca946d2bfa62c5d
-
SHA256
a75cc6c61c37543596e278999caa8d38a27025d599f050bcb7846f15e291c0ba
-
SHA512
ed738ff63d5e7e1248a841d8b8c2bb6f2d0712fd9b266081ed4248a5df23237f200952a0a5528fedc1c3c1ba2880fd69cad536703b7778334588742e56332956
-
SSDEEP
6144:a2a/a8iGXY5chxp43EkveOqs/OQlBTI+uYTxxEk9Ebm7WRzoAS8s45SwkPt4iuRy:a2Ki3okv55TZuIx/9HiRzFGpwk14isU
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.exceltruea.com - Port:
587 - Username:
[email protected] - Password:
bl es si ng 2 0 2 3 - Email To:
[email protected]
Targets
-
-
Target
Shipping documents.exe
-
Size
766KB
-
MD5
ab591aaa0e47244fa0c60356f1a78c0d
-
SHA1
0fe71eee757c664b905e99930ca946d2bfa62c5d
-
SHA256
a75cc6c61c37543596e278999caa8d38a27025d599f050bcb7846f15e291c0ba
-
SHA512
ed738ff63d5e7e1248a841d8b8c2bb6f2d0712fd9b266081ed4248a5df23237f200952a0a5528fedc1c3c1ba2880fd69cad536703b7778334588742e56332956
-
SSDEEP
6144:a2a/a8iGXY5chxp43EkveOqs/OQlBTI+uYTxxEk9Ebm7WRzoAS8s45SwkPt4iuRy:a2Ki3okv55TZuIx/9HiRzFGpwk14isU
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-