General
- Target: PURCHASE ORDER JF&I Packaging.doc
- Size: 1.6MB
- Sample: 230207-rtm4xsfd4v
- MD5: 34abb90224f8b4fd057e8fa8f5a3eb0b
- SHA1: 8199cd6f8fba690059d7b8cac0627deba569d78b
- SHA256: 172e6a908015dd956c606d2efa00ee8fe6ed43cd9000631dad346227e0ef5450
- SHA512: 6606af8c45f342f9346820184fa0b920fd15d4e2475c90ddaedd60b67622d7ec7b9605ff5210dfd2eea3c068b6472d3bad43cff48f8821ae3533293aaf408305
- SSDEEP: 24576:XqG17EWl3Eq+1pQ3v3qb29mxmF2KXT4tFswg9ogPMGwJ8aswWVeq8smDiZvMCong:t
Static task: static1
Behavioral task: behavioral1
- Sample: PURCHASE ORDER JF&I Packaging.rtf
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: PURCHASE ORDER JF&I Packaging.rtf
- Resource: win10v2004-20220812-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.cebc.eu
- Port: 587
- Username: [email protected]
- Password: mprI?DOy1BX8
- Email To: [email protected]
Targets
- Target: PURCHASE ORDER JF&I Packaging.doc
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext