Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e
-
Size
658KB
-
Sample
241124-bysxzaxlbw
-
MD5
6348941741d25ad4a6210eff2087c178
-
SHA1
d6f946c15298cc3942486cc8f703e50c3f621335
-
SHA256
bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e
-
SHA512
fad70434447abde63105ca1f7c6b366a4f952eae1a6994b0adcdef750ac55cc88cd39d4ee0ee760e6caec0cb3b7f2f159f1866e277c139fa6c2771b9c960e3aa
-
SSDEEP
12288:sOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitC1xWV/ugVkH5P3h8pLBM:sq5TfcdHj4fmbEC10/LT5a
Behavioral task
behavioral1
Sample
bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e.exe
Resource
win7-20241023-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.stingatoareincendii.ro - Port:
21 - Username:
[email protected] - Password:
3.*RYhlG)lkA
Targets
-
-
Target
bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e
-
Size
658KB
-
MD5
6348941741d25ad4a6210eff2087c178
-
SHA1
d6f946c15298cc3942486cc8f703e50c3f621335
-
SHA256
bd44ce5c806a52da0ea91ca36fd53e24a3dbe2244f07b498eb9761a424b7b03e
-
SHA512
fad70434447abde63105ca1f7c6b366a4f952eae1a6994b0adcdef750ac55cc88cd39d4ee0ee760e6caec0cb3b7f2f159f1866e277c139fa6c2771b9c960e3aa
-
SSDEEP
12288:sOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPitC1xWV/ugVkH5P3h8pLBM:sq5TfcdHj4fmbEC10/LT5a
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-