General

  • Target: rRecibodeenvoexe.exe
  • Size: 1.2MB
  • Sample: 240111-y2j6kagdh9
  • MD5: fa4fb29d644b32739bc6a3e1537264da
  • SHA1: f3812509497dabf75be081efc13b183eeef3c1a3
  • SHA256: e7236fe777e772afa5fe027e6013318ae8724059ee3d05101771d4528e7fc5b6
  • SHA512: 7ac6c573658b311c5bf885a143036b62118af73e7cb13d5b908674c5cacce89ff61b56f862083aca1d5f7c9d5b2f38a8bcee80cb334b97411ee9c8b885aea1ef
  • SSDEEP: 24576:hqDEvCTbMWu7rQYlBQcBiT6rprG8awUh9H16gR7:hTvC/MTQYxsWR7atr

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol: ftp
  • Host: ftp://ftp.siscop.com.co
  • Port: 21
  • Username: [email protected]
  • Password: +5s48Ia2&-(t

Targets

    • AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Suspicious use of SetThreadContext
