General
- Target: rRecibodeenvoexe.exe
- Size: 1.2MB
- Sample: 240111-y2j6kagdh9
- MD5: fa4fb29d644b32739bc6a3e1537264da
- SHA1: f3812509497dabf75be081efc13b183eeef3c1a3
- SHA256: e7236fe777e772afa5fe027e6013318ae8724059ee3d05101771d4528e7fc5b6
- SHA512: 7ac6c573658b311c5bf885a143036b62118af73e7cb13d5b908674c5cacce89ff61b56f862083aca1d5f7c9d5b2f38a8bcee80cb334b97411ee9c8b885aea1ef
- SSDEEP: 24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8awUh9H16gR7:hTvC/MTQYxsWR7atr
Static task
- static1
Behavioral task
- behavioral1: sample rRecibodeenvoexe.exe, resource win7-20231215-en
Behavioral task
- behavioral2: sample rRecibodeenvoexe.exe, resource win10v2004-20231222-en
Malware Config
Extracted: agenttesla
- Protocol: ftp
- Host: ftp://ftp.siscop.com.co
- Port: 21
- Username: [email protected]
- Password: +5s48Ia2&-(t
Targets
- Target: rRecibodeenvoexe.exe
- Size: 1.2MB
- MD5: fa4fb29d644b32739bc6a3e1537264da
- SHA1: f3812509497dabf75be081efc13b183eeef3c1a3
- SHA256: e7236fe777e772afa5fe027e6013318ae8724059ee3d05101771d4528e7fc5b6
- SHA512: 7ac6c573658b311c5bf885a143036b62118af73e7cb13d5b908674c5cacce89ff61b56f862083aca1d5f7c9d5b2f38a8bcee80cb334b97411ee9c8b885aea1ef
- SSDEEP: 24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8awUh9H16gR7:hTvC/MTQYxsWR7atr
Score: 10/10
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext