General
Target: 6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158
Size: 1.1MB
Sample: 221126-bsztbsfb9z
MD5: a471e88b1cb62af98534d61c26dd1973
SHA1: e9265d4b74ee8b09f60e1ab391691a90d19988ff
SHA256: 6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158
SHA512: 0954f6dac7062861892394a8daebe248eb93e2e0e56cb2784287479ca80b113725f21a3fde25e791027f10fc580129dbaa84c7a9f6ff63cefb465d3ff1c49f6f
SSDEEP: 24576:LAOcZXMungWgkTJgO4KnmdMLFspB6Q7CqF+7f:NrkTmWnmdMLE8Q7m
Static task: static1
Behavioral task: behavioral1
Sample: 6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158.exe
Resource: win10-20220901-en
Malware Config
Targets
Target: 6427b1234b3182b21cfe73e027a9943505033e0ca9c557504051581d77191158 (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext