General
Target: 6a5edfedcacd647606f65f573ba88fd5.bin
Size: 662KB
Sample: 240601-cp3aqafb39
MD5: 51cad23c38e405cc4770267bcdb89275
SHA1: 8b090bc97bfd88183c8303e9dfdc8d0d15bc1f2c
SHA256: 45c59a343b482c4c521c920f16dd1f62d0387c6c1dac58a926d75ff399c5d61e
SHA512: 0fee4a448820b28a28ea59b7d13596f445c8e9bb71cf3003bf695460ce7d790dfd14a6397bf38d12e7cff98a191042ea5ebb8b2067505cbf98ca63cd70fdde13
SSDEEP: 12288:cHajI9QoeZbrLouqi8mmoMPUw//gFb7D7E2jxxU4jAU2sO3:c6toezohi8mmo4LgFbbEix5jAUNk
Static task: static1
Behavioral task: behavioral1
Sample: 40367d6e32f9a6d3f45372fd60a4da63f494dc1ae0fd1781cfd9c3a74b4a06f9.exe
Resource: win7-20240221-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.mayedasselectromech.com
Port: 587
Username: [email protected]
Password: India@2014
Email To: [email protected]
Targets
Target: 40367d6e32f9a6d3f45372fd60a4da63f494dc1ae0fd1781cfd9c3a74b4a06f9.exe
Size: 710KB
MD5: 6a5edfedcacd647606f65f573ba88fd5
SHA1: e03491d78351a41011798d2f713a5296dfcc0553
SHA256: 40367d6e32f9a6d3f45372fd60a4da63f494dc1ae0fd1781cfd9c3a74b4a06f9
SHA512: 4be2c86ee9e51f51f85b9fc5c9e85ca295dd3a8131d80322199da7369f0c374b5a2ce45338cce93f89b46c89f819312a1e1f6127170a137715fef7dbcc56d5b9
SSDEEP: 12288:wbItdJS4VbKTi4dwB/m9nIayC/3cvVKr8Zpf/WJPmGE0CLXD4GME8XB:vRScz4dEuFIal36IrypfOJm/XEGY
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext