Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
New Point of Contact for Corporate Courier Account - DHL.exe
-
Size
729KB
-
Sample
240507-dmx4nafd51
-
MD5
801a0fcfdb264aabe346da570d1dd14b
-
SHA1
f3b368a2972b5ab0f75f9fd48cdb44c1f6e0dc4f
-
SHA256
566368d997e93866144f269b23a33a54d910e01c6723ea141bdf88bd9202f31a
-
SHA512
f87d777b9c8bf8a0c22be8f801c5370ae4b5bdffa18ef155f24608d283c0aa99c2d3c033b9d48ed28a26ae73fc866d02922646b9fccc876ac1d119a8f4cdf866
-
SSDEEP
12288:6NBwhSKlOxCWjFxRZV7PE4d+W/C1M2Q9FGpOUxHtYyN5P/SHPkR:cwtWjFxRZV7c+jsFUFtUxtYyniHK
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.bspmetatech.com - Port:
587 - Username:
[email protected] - Password:
suhas333 - Email To:
[email protected]
Targets
-
-
Target
New Point of Contact for Corporate Courier Account - DHL.exe
-
Size
729KB
-
MD5
801a0fcfdb264aabe346da570d1dd14b
-
SHA1
f3b368a2972b5ab0f75f9fd48cdb44c1f6e0dc4f
-
SHA256
566368d997e93866144f269b23a33a54d910e01c6723ea141bdf88bd9202f31a
-
SHA512
f87d777b9c8bf8a0c22be8f801c5370ae4b5bdffa18ef155f24608d283c0aa99c2d3c033b9d48ed28a26ae73fc866d02922646b9fccc876ac1d119a8f4cdf866
-
SSDEEP
12288:6NBwhSKlOxCWjFxRZV7PE4d+W/C1M2Q9FGpOUxHtYyN5P/SHPkR:cwtWjFxRZV7c+jsFUFtUxtYyniHK
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-