General
Target: Inquiry-doc074389246783_10.zip
Size: 5KB
Sample: 220920-h4yhzaccb6
MD5: fd8dfbcf5f00f53a776db1c336f6cc19
SHA1: 35ab9245340b2f5c229fd0a80b48f68bfbf2ff3a
SHA256: a0fb0fa7410b63de24957a7b67c2bbce927c6d9800eebac4955f8eafcc05000d
SHA512: eb5c5ec31f709fc4f22f97802f34710703aa8332b26758e6cc4610e62a506817eba04d388cb0853a58cb8cce8f4c6d5b64861b42f238f58e83bc28a6b03d5e8e
SSDEEP: 96:no4eP31COrX/9uFByWNCW/tny52AEAsOz8l4raIldHlKKh3D6xXnea+Ajf:Sh/QFB/tnyMnAsOzW4ra0v5AedA7
Static task: static1

Behavioral task: behavioral1
Sample: Inquiry-doc074389246783.exe
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: Inquiry-doc074389246783.exe
Resource: win10v2004-20220812-en
Malware Config

Extracted
agenttesla
Protocol: ftp
Host: %2B
Port: 21
Username: application/x-www-form-urlencoded
Password: image/jpg
p=

Extracted
Protocol: smtp
Host: mail.nisusenergy.com
Port: 587
Username: [email protected]
Password: Nisus@64787
Targets
Target: Inquiry-doc074389246783.exe
Size: 21KB
MD5: 35cc4765d727bf4b90d8995fa2fc76a1
SHA1: a11d84bf91ec714ff173a3696efe6313d444e0fc
SHA256: ea8df8dbe183507d1a924a7af3ed3e394f61830745074659744cbf6e60724891
SHA512: c422afdb3f3651cddef4d34c5895ff272b5e75041ad5b102790accd25703a41a1f77958ccf53d9baaa2d9e623435e934d4bff095696a41b3e50847cadc628a0f
SSDEEP: 384:lLaqknFcv/8hQdCreXXR9hkNkCcw9Uh+ET:5nkFnE9AkbE+

AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Accesses Microsoft Outlook profiles

Adds Run key to start application