Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
MT103.exe
-
Size
1.1MB
-
Sample
221201-l44lrsca6z
-
MD5
b1d3fd78e907eda6633cff65693d6e8d
-
SHA1
0254e7859a88131131fafd7c583637108b62b6fd
-
SHA256
77dd82d858166a180a5de6d9da606500cd41fba6fe1fb7bc09c63162af78bb48
-
SHA512
717b19a7d06a5b306e34c29c2cd4e5c0e16158372718c90475296f3dc895d2a3d8736a27e65f6d5bea4a0f50be3b1cf979ce49560c52674b90545e2bbb4aa714
-
SSDEEP
24576:KP9cAGtjJQX6C2/aHeWvRC4hDIZDTB8pnzTccO:yC7Jv3NWvMyUoZvN
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot1644755040:AAGRTnph6BdO8-t1bJaOyVu9aeuJErmisqs/sendDocument
Targets
-
-
Target
MT103.exe
-
Size
1.1MB
-
MD5
b1d3fd78e907eda6633cff65693d6e8d
-
SHA1
0254e7859a88131131fafd7c583637108b62b6fd
-
SHA256
77dd82d858166a180a5de6d9da606500cd41fba6fe1fb7bc09c63162af78bb48
-
SHA512
717b19a7d06a5b306e34c29c2cd4e5c0e16158372718c90475296f3dc895d2a3d8736a27e65f6d5bea4a0f50be3b1cf979ce49560c52674b90545e2bbb4aa714
-
SSDEEP
24576:KP9cAGtjJQX6C2/aHeWvRC4hDIZDTB8pnzTccO:yC7Jv3NWvMyUoZvN
Score10/10-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-