Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RLIC RFQ FOR CHAIN LINK FENCE.zip
-
Size
520KB
-
Sample
231031-sb3bkacb82
-
MD5
84c33851f57d1f8d94c317cfc3745182
-
SHA1
a53a213f1eae82c8d0c6f71a42fdf490c5308343
-
SHA256
f4ec6e10dc8b2006cb4fee5a9b2bab9cdcd75d10d9a3f28d565de5c6ed24c039
-
SHA512
33d0783a5b0b88e5b3cd437fa5458f603e96de3088d6879bf6e739cd1fa130ae0a31be89624771d37fb3c9d4d5a696af71336f4b36a48f7851563d20fc9cdc6c
-
SSDEEP
12288:Tcofy8TXZMEpXs0zLvUPbGcVHxHdIhGGVQCY09szPV/caek6BY:4OBzrMCcVtdqGQVszPV9p
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
business62.web-hosting.com - Port:
587 - Username:
[email protected] - Password:
[email protected] - Email To:
[email protected]
Targets
-
-
Target
RLIC RFQ FOR CHAIN LINK FENCE.exe
-
Size
720KB
-
MD5
5e6e12f469bfbccccc8230e0b273af46
-
SHA1
c47f43a407ded9fcf8c2e8c77231f8ee3f719f1f
-
SHA256
555c988f8053478d8dfa7aa879a1ffb483fb4a30c32eee979c9ea82dcb489197
-
SHA512
3df37aafb586d121988af555fff491b3a4c20c12f596b0ae9cd4411e01175744525f05fedf91961abd3166fc3ced3735086d3e715fdabe32801227cd03ba10a1
-
SSDEEP
12288:1fyqTX/MaLX00zFTu7Xq2BS1fagiBohSdAk620NX1roRJ:tnz566BfagiBoSdAk62gXqRJ
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-