Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
New_Order_52343463.pdf.exe
-
Size
691KB
-
Sample
230628-sk2rdsba81
-
MD5
202879ae3880ef4287f8158570b7719a
-
SHA1
df2c3dd623be7b8f31b7f2bd8a5725973058b755
-
SHA256
2685ea1f640c12172fb5e136a624f56fd904627b6523a75c7f9357c0313ec518
-
SHA512
26b64df7d1e085300d8c7b3cdd993a4368482b5f3c198a45e095c5191fdb4fc9302f46566ec3beb7a391fafc430f0cc66d9773d810694f597de154b9d1499368
-
SSDEEP
12288:bcj6lrSWVmXx/tQm4nUI4rEZHpNWrCXJEwdIbi0odN1y:I4rfVmBOm4UcVMCXewaoHA
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
JUGCRsm9 - Email To:
[email protected]
Targets
-
-
Target
New_Order_52343463.pdf.exe
-
Size
691KB
-
MD5
202879ae3880ef4287f8158570b7719a
-
SHA1
df2c3dd623be7b8f31b7f2bd8a5725973058b755
-
SHA256
2685ea1f640c12172fb5e136a624f56fd904627b6523a75c7f9357c0313ec518
-
SHA512
26b64df7d1e085300d8c7b3cdd993a4368482b5f3c198a45e095c5191fdb4fc9302f46566ec3beb7a391fafc430f0cc66d9773d810694f597de154b9d1499368
-
SSDEEP
12288:bcj6lrSWVmXx/tQm4nUI4rEZHpNWrCXJEwdIbi0odN1y:I4rfVmBOm4UcVMCXewaoHA
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-