Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1_JC.exe
-
Size
336KB
-
Sample
231011-gnsgcafd92
-
MD5
93aba80ef8c7ce6282497c48e7e7ccd8
-
SHA1
9428c1e4109c62f71fa850469a2f4374f09574f1
-
SHA256
f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1
-
SHA512
85c4fa44e3d49b04870c54ec10cc7541e7273eeb0a2e29cf6c4ef08e48fcd6cee5180bcda96074ebe95bcf86a60e59d22ca7762c0e1d9cfa791e5d45d941b319
-
SSDEEP
3072:lDKW1LgppLRHMY0TBfJvjcTp5XZonONL1Y111111405kKjdYz6m1hKbe:lDKW1Lgbdl0TBBvjc/ZogLXax27ib
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.marinasands.gr - Port:
587 - Username:
[email protected] - Password:
;lHJ#%M!iBh- - Email To:
[email protected]
Targets
-
-
Target
f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1_JC.exe
-
Size
336KB
-
MD5
93aba80ef8c7ce6282497c48e7e7ccd8
-
SHA1
9428c1e4109c62f71fa850469a2f4374f09574f1
-
SHA256
f4fbe44601948e2474ebb35261952b08fcf51a2b98cf79ec0a27fd39bda651f1
-
SHA512
85c4fa44e3d49b04870c54ec10cc7541e7273eeb0a2e29cf6c4ef08e48fcd6cee5180bcda96074ebe95bcf86a60e59d22ca7762c0e1d9cfa791e5d45d941b319
-
SSDEEP
3072:lDKW1LgppLRHMY0TBfJvjcTp5XZonONL1Y111111405kKjdYz6m1hKbe:lDKW1Lgbdl0TBBvjc/ZogLXax27ib
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-