Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
EMED_ZAMÓWIENIE_N.2402290221.exe
-
Size
1.2MB
-
Sample
240229-kr54dscb82
-
MD5
90fef91edee1df02f5f9336dcee3f444
-
SHA1
c983932f2a99e0c42860e12078ed971bf529dec5
-
SHA256
4462f40cbb243a63f60fcc2c1b03150dc45d9fd0e8cef78c7e6ea9de60aa32cf
-
SHA512
bd16674ec38ab19dc0534d32ae3c2efc37d6289a59a1392ed10a62f0b6889073181c5eb73c97f893d27a4e0a70adc21b54496d31c8271305ee786e9f48358bbd
-
SSDEEP
12288:Vj/R7ulzg/GpXVowlaUl/GDDL3oRfMhYKCUo8riaj6sgQE3mmSweHR5JNHrU3275:rqz1BAaUo8riaj6nNHQR4zA9gmNt
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.rusticpensiune.ro - Port:
21 - Username:
[email protected] - Password:
99AM}+NZ&CCq!4Vq)9!(zXx01.lQ!~nS.fBnY,4Z~fjHnGo*B3Gd;B{Q1!%-Xw--%vn^0%nt
Targets
-
-
Target
EMED_ZAMÓWIENIE_N.2402290221.exe
-
Size
1.2MB
-
MD5
90fef91edee1df02f5f9336dcee3f444
-
SHA1
c983932f2a99e0c42860e12078ed971bf529dec5
-
SHA256
4462f40cbb243a63f60fcc2c1b03150dc45d9fd0e8cef78c7e6ea9de60aa32cf
-
SHA512
bd16674ec38ab19dc0534d32ae3c2efc37d6289a59a1392ed10a62f0b6889073181c5eb73c97f893d27a4e0a70adc21b54496d31c8271305ee786e9f48358bbd
-
SSDEEP
12288:Vj/R7ulzg/GpXVowlaUl/GDDL3oRfMhYKCUo8riaj6sgQE3mmSweHR5JNHrU3275:rqz1BAaUo8riaj6nNHQR4zA9gmNt
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-