Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b
-
Size
234KB
-
Sample
231208-c2r1hsgg66
-
MD5
a2d1a58f5ce44cab11865085de306c50
-
SHA1
212505087b5c3bc7227433b04a9c89f1d2bc383d
-
SHA256
95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b
-
SHA512
e929f27110e4b3f4d1f758775b72a5d68c27038632bac6fb3abd5dab3bdafb48fc000a950977476901d4c8da72adbadbc1db5431ffb62146abbafb04e8b75b31
-
SSDEEP
3072:izZlx1JDgntYBAdbTgB2DRcWNdysHG5tLUQf4e:OZlx1JDgntSubTgB2mWvyC9Qg
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.sgbumperscar.com - Port:
587 - Username:
ptt-dennis@sgbumperscar.com - Password:
cunduy123456789 - Email To:
s4tivar@yandex.com
Extracted
Protocol: smtp- Host:
mail.sgbumperscar.com - Port:
587 - Username:
ptt-dennis@sgbumperscar.com - Password:
cunduy123456789
Targets
-
-
Target
95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b
-
Size
234KB
-
MD5
a2d1a58f5ce44cab11865085de306c50
-
SHA1
212505087b5c3bc7227433b04a9c89f1d2bc383d
-
SHA256
95bcdb36ea04ac618c085d218c16e994eb39080ea9e81024cd346c75fa83438b
-
SHA512
e929f27110e4b3f4d1f758775b72a5d68c27038632bac6fb3abd5dab3bdafb48fc000a950977476901d4c8da72adbadbc1db5431ffb62146abbafb04e8b75b31
-
SSDEEP
3072:izZlx1JDgntYBAdbTgB2DRcWNdysHG5tLUQf4e:OZlx1JDgntSubTgB2mWvyC9Qg
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-