General
Target: rOrden00095746exe.exe
Size: 1.1MB
Sample: 240109-xbbk3ahaf8
MD5: aef03a204faf2cfa386c87b771f5af4b
SHA1: f83fae445c4bd160494438f5e04b5ad4ff426266
SHA256: f47c028b576f0510c5a5ecee522789eccef66ac59d3d60e7b4c91ef0841e9730
SHA512: bfa22f478952af5f43301620c9c3eac08ebd60b583e62a29d1f514d44ab55776a23b871e788a8b7eca3a7973ee38a2e05421f4879fb8b4fcf52cad29beca8dbc
SSDEEP: 24576:8qDEvCTbMWu7rQYlBQcBiT6rprG8aEJT/UP58mv1Dw:8TvC/MTQYxsWR7aEJTYXv1
Static task: static1
Behavioral task: behavioral1
  Sample: rOrden00095746exe.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: rOrden00095746exe.exe
  Resource: win10v2004-20231215-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://ftp.siscop.com.co
Port: 21
Username: [email protected]
Password: +5s48Ia2&-(t
Targets
Target: rOrden00095746exe.exe
Size: 1.1MB
Score: 10/10
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext