Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
dpetmw.iso
-
Size
1.8MB
-
Sample
221020-v2cvpsfcfm
-
MD5
ed25cc0eca6c94f2dbf6787682f44c96
-
SHA1
2c204a23fd6f23ad22b10c0b70f90e988cd4903a
-
SHA256
c0944f847ff90ba9cf6ddb5cc5dfd895dca2d763123385677ff4ff3445a2549d
-
SHA512
c15a95f278415402d3066455b97f9e50c715a5b9b13a343dec58c674214a8d9df94ca1bdd38804e8c0ab9af71e9ed9dbce0ab395767e0cf1f7b574e45cad1240
-
SSDEEP
24576:xAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYz:rRQYSlcNNS8BBbJNz
Static task
static1
Behavioral task
behavioral1
Sample
IMG17613.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
IMG17613.exe
Resource
win10v2004-20220812-en
Malware Config
Targets
-
-
Target
IMG17613.EXE
-
Size
1.2MB
-
MD5
bcd50df1014ab4d7c735c6e5347c3a1e
-
SHA1
8e77d53b6388116cafcf49d3b2777ca1dcfe0d1a
-
SHA256
2e64e9db47d38ba509cdd4ca9b9ca2a589c9834ac2bde1d8a6e4ea89bbc47fa6
-
SHA512
04194528a02dd65810500977b1326c33bb57d716f72b78c128ff865223271a4543d0ef4d69fd2c3b3a8e8195391d2374c81ddf517d55b76e790d49aab10cdaed
-
SSDEEP
24576:pAOcZT+NxxX3ENpR8SlcRDC14DS8BaCZ73QqQ5SOb2eYzf:DRQYSlcNNS8BBbJNzf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-