Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.25304.17510.exe
-
Size
750KB
-
Sample
221129-e25mqahf5w
-
MD5
46a7a058edfa81f6532fac581d21480d
-
SHA1
00a6651203b712edeb00595baa133db111a4ec06
-
SHA256
458fefa707435c36315bf410b3318c34a83da7e4bb2429986ba4ab95986d9d11
-
SHA512
cd25eb2833f17898c283470afceceed5d90c0162d1604fe0d2ff34a60327f6b5717860549ea5e03cd5fe999d85a9b8a6ae1ec37b2b727afc36d8d31b2bf35fd3
-
SSDEEP
12288:VTjRZRHxnkNhCz9g2vv9DZQysVK3Ls05CukBP2FvEkarbmPog:VTBRC49g2nJZ8VKbVouUP2Fv4g
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.25304.17510.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.25304.17510.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
[email protected] - Password:
communication$dongle&1132
Extracted
agenttesla
Protocol: smtp- Host:
mail.dana-world.com - Port:
587 - Username:
[email protected] - Password:
communication$dongle&1132
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.25304.17510.exe
-
Size
750KB
-
MD5
46a7a058edfa81f6532fac581d21480d
-
SHA1
00a6651203b712edeb00595baa133db111a4ec06
-
SHA256
458fefa707435c36315bf410b3318c34a83da7e4bb2429986ba4ab95986d9d11
-
SHA512
cd25eb2833f17898c283470afceceed5d90c0162d1604fe0d2ff34a60327f6b5717860549ea5e03cd5fe999d85a9b8a6ae1ec37b2b727afc36d8d31b2bf35fd3
-
SSDEEP
12288:VTjRZRHxnkNhCz9g2vv9DZQysVK3Ls05CukBP2FvEkarbmPog:VTBRC49g2nJZ8VKbVouUP2Fv4g
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-