Resubmissions
13/12/2024, 01:07 - 241213-bgqraavphp - Score: 10
Target: 32242204396fc8f3e2b6a6731533b72b.bin
Size: 706KB
Sample: 241213-bgqraavphp
MD5: 46baad46a31ebdb338962b1356a1b40a
SHA1: 66fbdb086e12b4eda6d9793a6c790f3e50d5a77f
SHA256: 41e668c7afd9fffff257e17583e10f636eb4f2a1a54ae9d8bfbc1869d18a56ed
SHA512: 5f4d67e049d70d4f0c660d655d6c5775856ead61602232916d76023854eaad168f3858edc2eaace5dc469f060d2eafb7702e137f44f68f3c2caacc06b468fc93
SSDEEP: 12288:RGzpX2hWrBy+m2lrtWmiEz4GjEIaspcBDGUiJ2llaFbRa/bUIzSqWf5:MzpjQ4cC4MyRBDGUi4/aFbRa/Yp
Static task: static1
Behavioral task: behavioral1
Sample: INV01542 , INV01562-7500003124 JTR-0084.exe
Resource: win7-20240708-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.iaa-airferight.com
Port: 587
Username: [email protected]
Password: manlikeyou88
Email To: [email protected]
Targets
Target: INV01542 , INV01562-7500003124 JTR-0084.bat
Size: 820KB
MD5: 0b87c44a55bc24c1a96e1797c939bb10
SHA1: af91b2b662f7a1827fba6bf5158178dd8cebcbd7
SHA256: bb1cbd0fd591bed430c586933cced40166d459cfd324c738e5d3d6cd8e154a36
SHA512: e5938abe43807c803726c20a21c4c970e03f3caca72b370288b428aaa8a553b3f219039386819eb9df662ed4b02a8a11a12ef2e3e6d5cba1a5e413d14fc8948f
SSDEEP: 12288:EoMKhM39TXsTAiM6kVRl+64Oh0dRnlRq1SXx0JmHT2p45kM61iBoVm:tMacicY5dReoXx00HqskM6cBt
Signatures
AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Agenttesla family
Command and Scripting Interpreter: PowerShell: Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
Suspicious use of SetThreadContext