General
Target: AWB NO. 8148557141.exe
Size: 792KB
Sample: 230207-srwtqacd24
MD5: a169ae631ac877e4e89d595b6ba03600
SHA1: 4589dd4afc4a6c9423ddba7442137e5beb502fb0
SHA256: c1add17549206e0ea3e1025ec81ff8d7e5ae994381600ec84d33eeab50ea7232
SHA512: f2a639c226a6e092c664921fcb99dba63ca564e024f0be3b364951c55a842a5767a95c79f7afd1d61400c01c396eb346346e110f18e744613008def4d0e0bcf3
SSDEEP: 12288:Nrt0wdeWKBp5gYcjzioNo5IhMbmfEJhJm6I6awHRr/CB06KuLpgbDDlG:NrGV7p55Ki7WhMKfCm6xawxO5dgZ
Static task: static1
Behavioral task: behavioral1
  Sample: AWB NO. 8148557141.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: AWB NO. 8148557141.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: AWB NO. 8148557141.exe (792KB; hashes as listed under General)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext