General
- Target: Quotes Specifications R2100131410_PDF.img
- Size: 1.2MB
- Sample: 230207-njlxbsbd33
- MD5: 8d38ac89a1b7ce914f7a4fd69e4e5149
- SHA1: c2af2c2d95999d7ff894ba75d473874f41db311f
- SHA256: a48b89e4588185e7323c37169bedd210f6fa429c0344906ab4decd46e31e9dff
- SHA512: 0058142987dcbf237d57ec2d3acee7de442684362c9f3b84176560b8dd2b4d4f221c7a538023c4ac2c3203d4b05ee343fd740db97fdb020a6e0e7de000ba3b0e
- SSDEEP: 12288:GYXVBHN4C8x0ks0Ouuahj69YeeDtK0Y5tIv3:GYXVBL8uks0OuNj69beY0Yov3
Static task: static1
Behavioral task: behavioral1
- Sample: QUOTES_S.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: QUOTES_S.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted
- Protocol: smtp
- Host: mail.ravv.sk
- Port: 587
- Username: [email protected]
- Password: bfE#vKaMi#
Targets
- Target: QUOTES_S.EXE
- Size: 410KB
- MD5: d0f0167747de9e85ece81cef22a569d7
- SHA1: aeacddd1050c347e4ac27fdc65a2d7d5422c95e1
- SHA256: 894ca1dfeebe51eb320bd38a7da02c17e1937477a44cd4e8cf008f7a44fa7c3e
- SHA512: 90d58c5f8207d9bbf8a147edb6be2d0b4d676a34619d6e85736de3f5de938ee3fc7195883edfabfdec38f63ef03edce6faa0140a42a429e8fae3bb160543677f
- SSDEEP: 12288:yYXVBHN4C8x0ks0Ouuahj69YeeDtK0Y5tIv3G:yYXVBL8uks0OuNj69beY0Yov3G
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext