Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
DHL_Doc.rar
-
Size
512KB
-
Sample
230801-k2cjtseg72
-
MD5
dc9e352339341f7d1cdd9ec6e7e5e07c
-
SHA1
e7c28f102c9d7daac9993c9bbf63a84c9a9da326
-
SHA256
acbf15c97bf58b8232d5446cf977c31442d239153b5eed6d44273b85212d754e
-
SHA512
897419e99ca5e3a54c8dc578a6bc2b8768d8c62c55b32e7da4f833a3a5e473c165eab47de0639193442be8ee820590bb779ad9f8c5c869d1bedb2f000d370eee
-
SSDEEP
12288:VPiX6cGV4ZK7TWdH3ArXa7YGJ+xW34ny4StfGsAa:Vi6pCKOdHwGxgxWHJfGsAa
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
a))gNHA3 - Email To:
[email protected]
Targets
-
-
Target
DHL_Doc.exe
-
Size
555KB
-
MD5
d0a1d49d933944acae0f8a5f357f3afe
-
SHA1
758867fed338a4fe9ebde2b252fb17ea99e4e2cb
-
SHA256
e163660f2b270299aa1ff5846e0b7b8d9eac1f91ad2d3f5cfe3cfc261123bdcf
-
SHA512
9862f092f38ffc1c42e2600361e34ae8f1e9f0507035150ed54fda6b0bbf0168de427fbf2047fbea800f30b142e7aa77eb9b0517b79ae3453bd8f036aad19085
-
SSDEEP
12288:NlVv6NZcuDVsfhoTEJy9HcuJomeGJd68pxW7sJBqhjiYqOLt+icsVB:1Cvc6+fST8G8zm/cGM7sJBqhe3mtG
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-