Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
PO-1607201158 --- NAXILAI.zip
-
Size
552KB
-
Sample
221217-ngkw9age94
-
MD5
37984cec28f549af24029cbf8be51873
-
SHA1
1777aae023c251ab0fa54c4f773ce7f8d8b08057
-
SHA256
3ddde48f233953cfe9064930012c4ab90d90439291fa093b08ee16c06e6eb966
-
SHA512
259f7dfdf5651e621607f2d373c29570fc73d5096ec032bd7ce9e87433e6173d838fae2e9db04a8b3120842972323c9710487ef2f89d8ac1446290ed94e21f8f
-
SSDEEP
12288:6jUGLG9yelqiE7UB5/gAXZ1I6c1u2GHDiy+U6xo1C6Dv:6NgAh7UBNgt92Diy+Uio1L
Static task
static1
Behavioral task
behavioral1
Sample
PO-1607201158 --- NAXILAI.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
PO-1607201158 --- NAXILAI.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
us2.smtp.mailhostbox.com - Port:
587 - Username:
[email protected] - Password:
@@Marriedj8OQWinbi1
Targets
-
-
Target
PO-1607201158 --- NAXILAI.exe
-
Size
599KB
-
MD5
344e038bc93ae48700830b37b78beb36
-
SHA1
d994820625144db20ad0ff08abf3ede71b6232fa
-
SHA256
747e7e2681dcb1663759b915ce6a656d40954127343aff9fade05be78d3d99df
-
SHA512
aede41fd50dfb8169f05b6bd8d168d727db52bdfefc9da38f83bea07d6c29a02e2cf7dff1d7e50a39ee7a960eeabc0f3fddb7ee4c5da927cb429f373bda18610
-
SSDEEP
12288:b5kWP9tuelkielUBb3gsXZ1I6k1Y2kvARw+y6xu:beCC7lUBrgbVzRw+yi
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-