Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

5

rPO-450062...df.exe

windows7-x64

10

rPO-450062...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rPO-4500628950_pdf.exe

  • Size

    1.2MB

  • Sample

    240126-tgj8lshce5

  • MD5

    a7349364523f7f3637a6665497532953

  • SHA1

    8912b64beaa943700b80b20da8cc62e11edb0ba2

  • SHA256

    e5b2ac7f9314971e967c9c606b75dfb9766442b1dac9b9bd5fb7f5c848d5ff6b

  • SHA512

    5b6b1c042281e39acdaaeeabe2b1dc6e86e445341a3cec126665d4ee2e8fc3612daaf85c2ebde09814ef3aa5417ad6b1e8c43a6f1fb8bded4dbc84548395ad6d

  • SSDEEP

    24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJHk0WmknMlg+vu5:3h+ZkldoPK8YaJJHnWWgt

Score
10/10
agentteslakeyloggerspywarestealertrojan

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     ftp
  • Host:
    ftp://ftp.elquijotebanquetes.com
  • Port:
    21
  • Username:
    [email protected]
  • Password:
    kFxADjwNBm$_

Targets

    • Target

      rPO-4500628950_pdf.exe

    • Size

      1.2MB

    • MD5

      a7349364523f7f3637a6665497532953

    • SHA1

      8912b64beaa943700b80b20da8cc62e11edb0ba2

    • SHA256

      e5b2ac7f9314971e967c9c606b75dfb9766442b1dac9b9bd5fb7f5c848d5ff6b

    • SHA512

      5b6b1c042281e39acdaaeeabe2b1dc6e86e445341a3cec126665d4ee2e8fc3612daaf85c2ebde09814ef3aa5417ad6b1e8c43a6f1fb8bded4dbc84548395ad6d

    • SSDEEP

      24576:AAHnh+eWsN3skA4RV1Hom2KXMmHaJJHk0WmknMlg+vu5:3h+ZkldoPK8YaJJHnWWgt

    Score
    10/10
    agentteslakeyloggerspywarestealertrojan

    • AgentTesla

      Agent Tesla is a remote access tool (RAT) written in visual basic.

      keyloggertrojanstealerspywareagenttesla

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks