Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Inquiry 59901.img
-
Size
1.2MB
-
Sample
230207-pzqe5aeh5x
-
MD5
56eadad40368d249cb844cd7d74ad087
-
SHA1
68902eed64af273fd6b9b5bbc106beb2e097da10
-
SHA256
7d78782be02addab22c18c6ff2acd356af2ae00764aa07cb6f5d6ccae8849954
-
SHA512
fb726b9430f385de711889fcd32785364efbfdf4018fec7ab0afd2ba0ba8151991d204fb7b32dc1ae3f8a565e334eab8b48d2c4d620422a5f83ccdca5db46c1e
-
SSDEEP
12288:sY3Lnt2qGBe8vy1zUO15sW4FKoqxGPML:sY3bUq+DvGUO16L0S
Static task
static1
Behavioral task
behavioral1
Sample
INQUIRY_.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
INQUIRY_.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
Protocol: smtp- Host:
mail.bonsa.lt - Port:
587 - Username:
[email protected] - Password:
201Bon@21
Extracted
agenttesla
Protocol: smtp- Host:
mail.bonsa.lt - Port:
587 - Username:
[email protected] - Password:
201Bon@21 - Email To:
[email protected]
Targets
-
-
Target
INQUIRY_.EXE
-
Size
336KB
-
MD5
a2ab7106ec15430a26a4cc51b8652e90
-
SHA1
568921c051e70728e3bda88be84229b39eb25101
-
SHA256
a4d3f3fee4515751a055d909feb13caa9b57b004451a7593cae493865b480e70
-
SHA512
a35d60cd0798142430f6d418d7f920850a05f881b38118cb586393510e29e6c14a14faca1f126c0db5e9646d21317b3368857bc68a672a966ad0040f9c14ca94
-
SSDEEP
6144:yYa6xrR2TNg4m+y2qUJBBMVZ8vy1cK9tU1A15sW4FKo9wxGPM3F5v:yY3Lnt2qGBe8vy1zUO15sW4FKoqxGPMr
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-