General
Target: 1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
Size: 238KB
Sample: 240311-v66ctahf3v
MD5: 232be6f79d5197ab3a7378bbababcc06
SHA1: 1c2523b16c3e35c230bee71ddf8f251c91a663c2
SHA256: 31b5427b86d6f1e9b200d17ebdadeb84e2e58bbb5046b4dba9c5050c0f47ace6
SHA512: 38f66b6096969cba611dfa7dc8740c9a1e173192cd57dbbfc53a51a9cd43ac37feba3f500ca73ff7e815fc5183478d093b220da0c617eff6498a8ca39b70c6bf
SSDEEP: 3072:evi8wEgsvHLVLWIrnAU/HW6T2Kt6DL5A9g9icVY:Ui8wEgsvHLVLW4nAU/pt6Dgg9
Behavioral task: behavioral1
Sample: 1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: 1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: Q-1HmWsBJgRe
Extracted
Protocol: ftp
Host: ftp.stingatoareincendii.ro
Port: 21
Username: [email protected]
Password: Q-1HmWsBJgRe
Targets
Target: 1710178566fbf0a8a6e23ccef0f9781bb1f33a2fe89164c091d2255097a08abc03d7698e53136.dat-decoded.exe
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.