Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Employee Handbook English.exe
-
Size
652KB
-
Sample
240531-jh6g5abe5w
-
MD5
6554cf839ea2e5749ee45c9dffe7b16f
-
SHA1
dfa0c3d9e29d7498a7243b4137230049ba89fc0a
-
SHA256
28b3c09f079c35e84e7cb01688b99e15dc105a0abb481294e796d1d70db030a1
-
SHA512
c4332870bf03ec897cf5af0e18c33c8cd3e877c8bbc5dad9e552116ebf135774288e186e340c32cca1c0503f39144f21f1beb177542eef637052bc271cbf00fc
-
SSDEEP
12288:JdJS4Vk1mSR1mmsXYyJu1FbrOXsCWhU7UyOg/dnK2ViSqjDDLy:pSckDRNBTv0ZWKQyOsdK2nqjH2
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
cemfa.com - Port:
587 - Username:
[email protected] - Password:
mohamed@cemfa - Email To:
[email protected]
Targets
-
-
Target
Employee Handbook English.exe
-
Size
652KB
-
MD5
6554cf839ea2e5749ee45c9dffe7b16f
-
SHA1
dfa0c3d9e29d7498a7243b4137230049ba89fc0a
-
SHA256
28b3c09f079c35e84e7cb01688b99e15dc105a0abb481294e796d1d70db030a1
-
SHA512
c4332870bf03ec897cf5af0e18c33c8cd3e877c8bbc5dad9e552116ebf135774288e186e340c32cca1c0503f39144f21f1beb177542eef637052bc271cbf00fc
-
SSDEEP
12288:JdJS4Vk1mSR1mmsXYyJu1FbrOXsCWhU7UyOg/dnK2ViSqjDDLy:pSckDRNBTv0ZWKQyOsdK2nqjH2
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Suspicious use of SetThreadContext
-