General
- Target: 98c140b482c040e7e9bfb991d7b817ff64bb416f9c7d1089246382b04a0276df
- Size: 657KB
- Sample: 230922-lapkrafb7w
- MD5: dfc0f01311be209f96d21f03d357c3b8
- SHA1: 39246a932c5c5ace5a2af894838a104a25bba96d
- SHA256: 98c140b482c040e7e9bfb991d7b817ff64bb416f9c7d1089246382b04a0276df
- SHA512: 3e554ca4055e2f09718d2f730536f125762c61063bf0b97a74b065508d9299954f8fa8adce8b9f21d342ab54c255732815ba5e966d0feb2f673abdef78099676
- SSDEEP: 12288:ntHdZerD6YRFz1e0lcZiSI9GEp552pASTboSn91kHkXQRZpD1q0:lUDDDg2ME9PfcpASTM++G2pD1
Static task: static1
Behavioral task: behavioral1
- Sample: 98c140b482c040e7e9bfb991d7b817ff64bb416f9c7d1089246382b04a0276df.exe
- Resource: win10-20230915-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://valvulasthermovalve.cl
- Port: 21
- Username: [email protected]
- Password: LILKOOLL14!!
Targets
- Target: 98c140b482c040e7e9bfb991d7b817ff64bb416f9c7d1089246382b04a0276df
- Size: 657KB
- MD5: dfc0f01311be209f96d21f03d357c3b8
- SHA1: 39246a932c5c5ace5a2af894838a104a25bba96d
- SHA256: 98c140b482c040e7e9bfb991d7b817ff64bb416f9c7d1089246382b04a0276df
- SHA512: 3e554ca4055e2f09718d2f730536f125762c61063bf0b97a74b065508d9299954f8fa8adce8b9f21d342ab54c255732815ba5e966d0feb2f673abdef78099676
- SSDEEP: 12288:ntHdZerD6YRFz1e0lcZiSI9GEp552pASTboSn91kHkXQRZpD1q0:lUDDDg2ME9PfcpASTM++G2pD1
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext