Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
purchase_order#9008.pdf.exe.bin
-
Size
705KB
-
Sample
240516-k6b4vsea38
-
MD5
726571af422751cb9183847fba7d16c8
-
SHA1
1603743af5dd025bd13a22de9cb41573a555c8a1
-
SHA256
ba459f5797d3dca472ea3f831b8f43f7bbb7e9abe2dec4e75c80b49c391483d1
-
SHA512
a4e98a2bb54e15334b1bcdbe98a0e9bde837c18910f190c91e7038b5413b464607c0c8f19d7b42f4249cae4c71a0491814b99e54fcdab5d2d8993704022d2306
-
SSDEEP
12288:T0pei36RjxWLQXv6yw49/thJVv6z53yrOZ6JwxcBy+YgAEQC:gpp36dxmQBhE53ySsJwxyy+YvEQ
Static task
static1
Behavioral task
behavioral1
Sample
purchase_order#9008.pdf.exe
Resource
win7-20240221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.grwpumps.com
Port: 587
Username: [email protected]
Password: Techno@9876
Email To: [email protected]
Targets
-
Target
purchase_order#9008.pdf.exe.bin
-
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic .NET. It harvests credentials and keystrokes and exfiltrates them over SMTP, FTP, HTTP or Telegram; the extracted configuration above shows this sample using SMTP (mail.grwpumps.com, port 587) with the hard-coded mailbox credentials.
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is not scanned.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
-
Suspicious use of SetThreadContext
SetThreadContext on a suspended thread is the usual final step of process hollowing: the entry point of injected code is written into the thread context before the thread is resumed.
-
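The Defender-exclusion behaviour flagged by the "Command and Scripting Interpreter: PowerShell" signature above is worth hunting for in endpoint telemetry. The following Python detector is an added example, not code from tria.ge or from the sample. It runs over constructed process-creation command lines (modelled on the CommandLine field of Sysmon Event ID 1) and flags Add-MpPreference / Set-MpPreference calls that add path, extension or process exclusions, including when the command is hidden behind -EncodedCommand. The sample command lines, the excluded paths and the function names are assumptions for illustration only.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example; not code from tria.ge or the analysed sample. The events
below are constructed, modelled on Sysmon Event ID 1 CommandLine fields.
"""
import base64
import re

# Cmdlets that change Defender preferences. A read-only Get-MpPreference
# is deliberately not in this list.
EXCLUSION_CMDLETS = ("add-mppreference", "set-mppreference")

# A parameter value: double-quoted, single-quoted, or a bare token that
# does not start with '-' (so a following parameter is never taken as a value).
_VALUE = r'''(?:"[^"]*"|'[^']*'|[^\s"'-][^\s"']*)'''

# -ExclusionPath / -ExclusionExtension / -ExclusionProcess followed by one
# value or a comma-separated list of values.
_PARAM_RE = re.compile(
    r"-(ExclusionPath|ExclusionExtension|ExclusionProcess)\s+"
    + "(" + _VALUE + r"(?:\s*,\s*" + _VALUE + ")*)",
    re.IGNORECASE,
)

# -EncodedCommand and its accepted abbreviations, followed by base64.
_ENC_RE = re.compile(
    r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)


def decode_encoded_command(cmdline: str) -> str:
    """Replace an -EncodedCommand payload with its decoded UTF-16LE text.

    Command lines without an encoded payload (or with undecodable base64)
    are returned unchanged.
    """
    m = _ENC_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return cmdline[: m.start()] + decoded + cmdline[m.end():]


def find_defender_exclusions(cmdline: str):
    """Return {"cmdlet": ..., "exclusions": {param: [values]}} or None."""
    text = decode_encoded_command(cmdline)
    lowered = text.lower()
    cmdlet = next((c for c in EXCLUSION_CMDLETS if c in lowered), None)
    if cmdlet is None:
        return None
    exclusions = {}
    for m in _PARAM_RE.finditer(text):
        values = [v.strip().strip("\"'") for v in m.group(2).split(",")]
        exclusions.setdefault(m.group(1).lower(), []).extend(values)
    # Set-MpPreference without exclusion parameters is ordinary admin use.
    if not exclusions:
        return None
    return {"cmdlet": cmdlet, "exclusions": exclusions}


def scan(events):
    """Run the detector over (image, command line) pairs; return hits."""
    hits = []
    for image, cmdline in events:
        finding = find_defender_exclusions(cmdline)
        if finding is not None:
            hits.append((image, finding))
    return hits


# Constructed events (assumed, for illustration): two malicious, two benign.
SAMPLE_EVENTS = [
    ("powershell.exe",
     r'powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath '
     r'"C:\Users\Public" -ExclusionExtension ".exe",".dll" '
     r'-ExclusionProcess "RegSvcs.exe"'),
    ("powershell.exe",
     "powershell.exe -w hidden -enc "
     + base64.b64encode(
         "Set-MpPreference -ExclusionPath $env:APPDATA".encode("utf-16-le")
     ).decode("ascii")),
    ("powershell.exe", "powershell.exe -Command Get-MpPreference"),
    ("powershell.exe",
     "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $false"),
]


if __name__ == "__main__":
    for image, finding in scan(SAMPLE_EVENTS):
        print(image, finding["cmdlet"], finding["exclusions"])
```

Command-line telemetry is only one source: on the host itself, a successful exclusion change is also recorded by Defender as Event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, and the current state can be read with Get-MpPreference (ExclusionPath, ExclusionExtension, ExclusionProcess), so a hunt should correlate the PowerShell launch with that event rather than rely on the command line alone.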