General
Target: NO120220.exe
Size: 9KB
Sample: 221104-c195psccel
MD5: f957c21bba09b850253f5e234eaee672
SHA1: c2d6e245c356291a4a500453555ebf6f8136519b
SHA256: 407845005e74c5321a626668d9bfa35f57332328e7e7ac76fd06523d90a4e20d
SHA512: 2844c357911bcb0f1cc5d8f9f5bc0243d7d3418dabe43429a2da8b1dc67dbd73bbcb4fc0105127d0fb4a93a2a41fbc917644ff931245cba146f78d3f8d33c5eb
SSDEEP: 192:NDWHDqno3KtoLmPbOw9QYYcQdi8stYcFmVc03KY:NDW+noZLmjOwIcKiptYcFmVc03K
Static task: static1
Behavioral task: behavioral1
  Sample: NO120220.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: NO120220.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
Protocol: ftp
Host: ftp://192.3.223.202
Port: 21
Username: ftplogs
Password: sPkZ7jK7P6aA
Targets
Target: NO120220.exe
Size: 9KB
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext