Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
TEKLİF TALEP VE FİYAT TEKLİFİ_PDF.exe
-
Size
1016KB
-
Sample
231128-jzg6vsgd9v
-
MD5
28359695dcd722cd8ad82c6399825aa5
-
SHA1
db7620a226726208f465b39c8d73129c163e4a4e
-
SHA256
701182a3bb091638880b26c0d72edb8112862b127ed91f7d948918aeb427a471
-
SHA512
0387811d179f6e080cd779906a95ce9eeddcb2e9637621f7ad33e2f11a26c202d9ab1978417976f2c0a643fc54b7de233f3e2940e73249a7fc15e8c1a89188a6
-
SSDEEP
24576:8cOgfYxh9Je8INg9HY6rkPB3hoHEJZB/O6:jJf4Je69HYZhoHEJzB
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cp5ua.hyperhost.ua - Port:
587 - Username:
[email protected] - Password:
7213575aceACE@#$ - Email To:
[email protected]
Targets
-
-
Target
TEKLİF TALEP VE FİYAT TEKLİFİ_PDF.exe
-
Size
1016KB
-
MD5
28359695dcd722cd8ad82c6399825aa5
-
SHA1
db7620a226726208f465b39c8d73129c163e4a4e
-
SHA256
701182a3bb091638880b26c0d72edb8112862b127ed91f7d948918aeb427a471
-
SHA512
0387811d179f6e080cd779906a95ce9eeddcb2e9637621f7ad33e2f11a26c202d9ab1978417976f2c0a643fc54b7de233f3e2940e73249a7fc15e8c1a89188a6
-
SSDEEP
24576:8cOgfYxh9Je8INg9HY6rkPB3hoHEJZB/O6:jJf4Je69HYZhoHEJzB
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-