Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.20428.19681.exe
-
Size
1.0MB
-
Sample
230824-avmfcaac2t
-
MD5
491b63e4c16276ea4c0243ac10af83dd
-
SHA1
d831494c534cd37db611b3797054cb56a793252d
-
SHA256
40a34182fa64bc0b2af90a2c24affa6a41b977b701d5007c74d877a3b2b46104
-
SHA512
d9d2ea0a736d5db07aabfa93b439809486878c58c1b6694f95815448871978f7d68f41ab72a6e3ff914507489c85af5627b9464ededba3816b87e79a227c2588
-
SSDEEP
24576:UcU/Sns7rTGb+bRMcJgwBFLLSaQnIseB7Eila9Bw2jgkcY9j:iF3XQn1eeimwCgnY
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.quartieri97italy.com.ng - Port:
587 - Username:
[email protected] - Password:
Chimezie@12 - Email To:
[email protected]
Targets
-
-
Target
SecuriteInfo.com.Win32.CrypterX-gen.20428.19681.exe
-
Size
1.0MB
-
MD5
491b63e4c16276ea4c0243ac10af83dd
-
SHA1
d831494c534cd37db611b3797054cb56a793252d
-
SHA256
40a34182fa64bc0b2af90a2c24affa6a41b977b701d5007c74d877a3b2b46104
-
SHA512
d9d2ea0a736d5db07aabfa93b439809486878c58c1b6694f95815448871978f7d68f41ab72a6e3ff914507489c85af5627b9464ededba3816b87e79a227c2588
-
SSDEEP
24576:UcU/Sns7rTGb+bRMcJgwBFLLSaQnIseB7Eila9Bw2jgkcY9j:iF3XQn1eeimwCgnY
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-