General
- Target: Bank letter.zip
- Size: 790KB
- Sample: 221122-kjs4vsba5w
- MD5: fbf6395b5cc3c98b6c9185aa5e957280
- SHA1: 8bfc72b49e4cad9e61bd1b1d713572292c139efa
- SHA256: 70694fb90e4ef85f95fa46b7ab28a7d8fdb18decdb9aaf8e122a7ba0aec180d9
- SHA512: 0fda8eaea32a3f6367ff1e86056c2a774c24beba9db6c12861abc831c6af5dc3bdeab1372cb9b33f67d6805b46e8135612a4272da098a453875349e343ad2bbe
- SSDEEP: 12288:38ZhqjemTus10dl0100HQH7g5p+8OgpSckKrZCE3GhjbNhsRubqQ8fAT75H:6WemAdlMHQHGSEZfR5/fAT7x
Static task: static1
Behavioral task: behavioral1
- Sample: Bank letter.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: Bank letter.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.dmstech.in
- Port: 587
- Username: [email protected]
- Password: 0]6F9Az.pqfd
- Email To: [email protected]
Targets
- Target: Bank letter.exe
- Size: 1012KB
- MD5: a58b322c74d8dfba9c022607b0d0c26b
- SHA1: 380f438ad2620f1582fe9b7d5b2ba84c3d6f3349
- SHA256: 322a82cb52dd04f516915780a9eb9865e24bd284fedecf938e345270fa0f83b3
- SHA512: 06d2ff7e199a1be0ca7357bb8e9bdbcc63f00d1082cab4ef086f344b6b88c00e2885db5e369329220463237558a43280b0d249349511ca9d6e01f8bac13f3118
- SSDEEP: 12288:SLw5APwiU251kh53ZLsVOdl0160HQV7g5D+8Egpe0kOrZsEnGvjbLhsRuDIQoiCa:IPOoSbdlYHQVGioZNtrB3m
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext