Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
NEAS.NEASNEAS999af74298d53155ee08e2bc73d6c9bb38cf36a0962e7d9b0ec2673374889f2disounknownunknown_JC.unknown
-
Size
698KB
-
Sample
231013-v7pfpacd61
-
MD5
78aec04856c175b776c256e23c652de1
-
SHA1
0eea8abc4476dd66cfc5be91cdb336680cf87ab4
-
SHA256
999af74298d53155ee08e2bc73d6c9bb38cf36a0962e7d9b0ec2673374889f2d
-
SHA512
8a77f755b23bdb6f636dd9992bf4b75fa8431b3a3e5d0347f266d0a4af43c7119514f0053f12354bcbf271dc233e46fb2f66030043b516da865dfabbba71b082
-
SSDEEP
12288:PvodG6hpxamLP2YGidPz4GOQ5lz2qE35i83DrQkFXaC2F:PvolhabWxAJ53DrQ+e
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.aci.hn - Port:
587 - Username:
[email protected] - Password:
Rivera@20cr - Email To:
[email protected]
Targets
-
-
Target
10015520.exe
-
Size
638KB
-
MD5
ca3ba834efe42b9989c0625aadfa1071
-
SHA1
d3c607a510e8e45e5e74c58de3da6a8b0946b6f0
-
SHA256
d8204ac509d07bf3dd4113684775ceb188ca79a9d77965a3f31911bb3bdf093d
-
SHA512
adaac20d33fd1b9ce66b0790edf8351d1ebb3fe5e36eb9d59420cda70eb132980e1442ab295af88cc2fe612d2f7827c32c84f4e87f92145e8f2c8226873f9466
-
SSDEEP
12288:xvodG6hpxamLP2YGidPz4GOQ5lz2qE35i83DrQkFXaC2F:xvolhabWxAJ53DrQ+e
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-