Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1835DIR231029551-CRE001.exe
-
Size
37KB
-
Sample
230203-l9m6zaeb62
-
MD5
3b28693a81f4b8e8bc34a5f3c163a11d
-
SHA1
48e78c0bd2083959c284224107e83d8d7dbd4edd
-
SHA256
597e90cad10af3bd4de583ac05b15e5697e0a57b7853fb4fca7fc8a0f7acc24d
-
SHA512
22d9c4e46e76fcd80aca7d3e2a407498ef1116f5eea00b48454f5f3d295fe24621d1243b5659a6557a75c93d315b6ff80bda1729f3bbadec7c83986c6c90835f
-
SSDEEP
768:ievZNsOyQ1TxGK+RDYRXsYgHa6t+S2Uqt5RYVMgE4O4v:vNsOv1T4K+RDKXS6++SHqtfYC
Static task
static1
Behavioral task
behavioral1
Sample
1835DIR231029551-CRE001.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
1835DIR231029551-CRE001.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.wasstech.com - Port:
587 - Username:
[email protected] - Password:
payment 12345 - Email To:
[email protected]
Targets
-
-
Target
1835DIR231029551-CRE001.exe
-
Size
37KB
-
MD5
3b28693a81f4b8e8bc34a5f3c163a11d
-
SHA1
48e78c0bd2083959c284224107e83d8d7dbd4edd
-
SHA256
597e90cad10af3bd4de583ac05b15e5697e0a57b7853fb4fca7fc8a0f7acc24d
-
SHA512
22d9c4e46e76fcd80aca7d3e2a407498ef1116f5eea00b48454f5f3d295fe24621d1243b5659a6557a75c93d315b6ff80bda1729f3bbadec7c83986c6c90835f
-
SSDEEP
768:ievZNsOyQ1TxGK+RDYRXsYgHa6t+S2Uqt5RYVMgE4O4v:vNsOv1T4K+RDKXS6++SHqtfYC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-