Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Bank Copy 022824001.pdf.exe
-
Size
703KB
-
Sample
240228-rja2lsde7v
-
MD5
c56407abd66f8bb4eaa318e56f464f71
-
SHA1
134d8ad6789d8c500005754da686ddc7d46e92d1
-
SHA256
18685cc299f03f907413c789321ea1131326fec4a71de97194814685ba0dba38
-
SHA512
6f52056d194dcaedba67bf2f29a7036e4172008085ee6cd1c0734077801c28c961501d1c535cd3bb7086c08cf7ffc29de9098770dbe93bd382554242a0ae07cc
-
SSDEEP
12288:vW+L9bW9ezd6Ztw4C8zFVK52RoA5UCWEFElQ+Nij2DGoNHJqCf9OK96bkR:vbL9iyYnRC8zA26A5hxOlQ+cCJNHgKE+
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ronaldsmith.loan - Port:
587 - Username:
[email protected] - Password:
BillionPay$ - Email To:
[email protected]
Extracted
Protocol: smtp- Host:
mail.ronaldsmith.loan - Port:
587 - Username:
[email protected] - Password:
BillionPay$
Targets
-
-
Target
Bank Copy 022824001.pdf.exe
-
Size
703KB
-
MD5
c56407abd66f8bb4eaa318e56f464f71
-
SHA1
134d8ad6789d8c500005754da686ddc7d46e92d1
-
SHA256
18685cc299f03f907413c789321ea1131326fec4a71de97194814685ba0dba38
-
SHA512
6f52056d194dcaedba67bf2f29a7036e4172008085ee6cd1c0734077801c28c961501d1c535cd3bb7086c08cf7ffc29de9098770dbe93bd382554242a0ae07cc
-
SSDEEP
12288:vW+L9bW9ezd6Ztw4C8zFVK52RoA5UCWEFElQ+Nij2DGoNHJqCf9OK96bkR:vbL9iyYnRC8zA26A5hxOlQ+cCJNHgKE+
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-