Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
c38004d64527485b578d23cece3566ae.bin
-
Size
333KB
-
Sample
240516-dsvkqaab28
-
MD5
4f61eeb74cff7e8f5f40796066285276
-
SHA1
39e341ebea6e85e2883c509d2331c2e267c623f7
-
SHA256
de8e0a641f0d9766a2070075977f173540d308d4bd9891ed79886f1d3946c692
-
SHA512
6b89d202d74c7b174d2310c0b676856ac010fcf780cfda9e9d6f269c15bc6004e8370c6f12f0849f4c9cb879b2a0af31a8ffacdf4383825ce96c7f4575a48233
-
SSDEEP
6144:31Ju3cWoTiBUiU0nZhe6CkaAlBqLEF9/JibZDQB/I8xw7yLuntwtBHxQYkjwU:31JgF6iLHO1k5y4FyZsdb+O5txxNy3
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
gator3220.hostgator.com - Port:
587 - Username:
[email protected] - Password:
28#75@ts76#V1F8h - Email To:
[email protected]
Targets
-
-
Target
9b6fc00623210be4340042bb63c2e7d674cb62de15d8d296ac93a6ad57e78984.exe
-
Size
505KB
-
MD5
c38004d64527485b578d23cece3566ae
-
SHA1
765cb217e0da4d242359b4dd6b96adb7872a9c16
-
SHA256
9b6fc00623210be4340042bb63c2e7d674cb62de15d8d296ac93a6ad57e78984
-
SHA512
6f9188649985313fa4017ee36dc2bb9a77b564df3168053847bc44414eb1e24f20c43d8bbda6bbb5fdc3d968da7429decd8303e45b37bae9dd9261cd48227975
-
SSDEEP
12288:QccV48SQpcAMxZs1W05ICMDdmFeyZ4fa:zh8SQpc01W0cQZ4fa
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-