Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
JaffaCakes118_ac72fb4c35f643ceede6c8a645b7efdf
-
Size
383KB
-
Sample
250108-zvtl4awkan
-
MD5
ac72fb4c35f643ceede6c8a645b7efdf
-
SHA1
94ee20d613c56c3488bf5af6a9da347dbe51b60b
-
SHA256
88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39
-
SHA512
812025ca8e7d908e00f55ddd8e02dee17f6ab6f7cc4f38c9d9769cd05307a86ef99f3bde373a6b7a5f917d842e436f1fe81fd6f12dc76f5ccc5dd8e0ef55957b
-
SSDEEP
6144:ddV+bQVGUC6cTqDZId1iUAPJjBuYt/MqbyO7w0vI+rGZAL9wUOAMdQ9d/kcwZ5E4:ddVrG/qDZId1iUAPJjBuYUq2M/LuDAx9
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
sontcehkwhxjwuqj
Targets
-
-
Target
JaffaCakes118_ac72fb4c35f643ceede6c8a645b7efdf
-
Size
383KB
-
MD5
ac72fb4c35f643ceede6c8a645b7efdf
-
SHA1
94ee20d613c56c3488bf5af6a9da347dbe51b60b
-
SHA256
88e39d27b4ea76f3413a5561e71b3360f79de3c8025a0357b6dfc6764a721a39
-
SHA512
812025ca8e7d908e00f55ddd8e02dee17f6ab6f7cc4f38c9d9769cd05307a86ef99f3bde373a6b7a5f917d842e436f1fe81fd6f12dc76f5ccc5dd8e0ef55957b
-
SSDEEP
6144:ddV+bQVGUC6cTqDZId1iUAPJjBuYt/MqbyO7w0vI+rGZAL9wUOAMdQ9d/kcwZ5E4:ddVrG/qDZId1iUAPJjBuYUq2M/LuDAx9
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Agenttesla family
-
AgentTesla payload
-
Reads WinSCP keys stored on the system
Tries to access WinSCP stored sessions.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-