Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
90ed9d25dc93f73d574a27e7b7e4806107eafc2018038840521cf44ec5f38245
-
Size
861KB
-
Sample
241215-bdpd2szjhx
-
MD5
4f317fb6f4fc58e20f80bb8054767557
-
SHA1
b7d39f72903941f59b568476d3e548b3060b9af6
-
SHA256
90ed9d25dc93f73d574a27e7b7e4806107eafc2018038840521cf44ec5f38245
-
SHA512
5210fc381b002ec82e86ef83784d94ca5c895a3eb1c9fd72751b45f142ac950a9a7127b53476ee0e800d7973bea2090f6f1a204ae04396aaa7ab620b89434f64
-
SSDEEP
6144:MKFylHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlHE:MK8IDC/5mi5KLsS2KhR
Malware Config
Targets
-
-
Target
90ed9d25dc93f73d574a27e7b7e4806107eafc2018038840521cf44ec5f38245
-
Size
861KB
-
MD5
4f317fb6f4fc58e20f80bb8054767557
-
SHA1
b7d39f72903941f59b568476d3e548b3060b9af6
-
SHA256
90ed9d25dc93f73d574a27e7b7e4806107eafc2018038840521cf44ec5f38245
-
SHA512
5210fc381b002ec82e86ef83784d94ca5c895a3eb1c9fd72751b45f142ac950a9a7127b53476ee0e800d7973bea2090f6f1a204ae04396aaa7ab620b89434f64
-
SSDEEP
6144:MKFylHuqIDU7/5mgS7q0XQxvV2B/TsSZ7ADmQK5DLlHE:MK8IDC/5mi5KLsS2KhR
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
System Binary Proxy Execution: InstallUtil
Abuse InstallUtil to proxy execution of malicious code.
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-