General
Target: 9aced2be886174e3c7a6fa2f2bd0243f.exe
Size: 1.0MB
Sample: 220915-jlztraccf3
MD5: 9aced2be886174e3c7a6fa2f2bd0243f
SHA1: fedaa06b74907d71b567ff098f4a97258dc73509
SHA256: a6541f542aee46042906a0cddb1ef3e4fdf3cae69a37c8011bb0c4fce27d6693
SHA512: 851ee289659d794ed55d777d0653a1f69eb2b2c4f5bb01786ebce19754069a4c638240964c4d91dee1c1c1f7ab80e008a4eb46707881c2a698a3a6ab56c7ae7d
SSDEEP: 12288:NMmBV7uikFgsHSEJmITKusnjeFUwG8fyN9gshRzE1ln0zlhKZiFsa3:ZBlubgREJmIzsnjeeR8fP1lnURsI
Static task: static1
Behavioral task: behavioral1
Sample: 9aced2be886174e3c7a6fa2f2bd0243f.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 9aced2be886174e3c7a6fa2f2bd0243f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: YAWALESS123@@
Extracted
agenttesla
Protocol: ftp
Host: %2B
Port: 21
Username: application/x-www-form-urlencoded
Password: image/jpg
p=
Targets
Target: 9aced2be886174e3c7a6fa2f2bd0243f.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext