General
Target: AWB NO. 1456977583.exe
Size: 944KB
Sample: 230207-vajtyacf92
MD5: 67ebc475e9308c4813ba1d3f5a447ab1
SHA1: 3cfb41dcb765b37dfa1dfb887fd4577db2d5f037
SHA256: 31c4050dc647c5bd89feca0aa84d283add7e27e5a3f64866096aebca7b4f862d
SHA512: 48146b6d84d4ea976c2fec7d9d5c492df9b80ae81cffe7e9f3d6bd6de7b9a336d26350c03c8ec8a0533ec3fb118cc28ac3d2df5a9d1593080c9d1d05f9cb842c
SSDEEP: 24576:vp1LYGDkjwJsoGlWL+1zzELVYQOpRVeBlni/mW8aSn43:vp5Y5UsoGl++JELVYfpRAB1S8b
Static task: static1
Behavioral task: behavioral1
Sample: AWB NO. 1456977583.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: AWB NO. 1456977583.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6191932863:AAEw6WZfMHSbIiilSKsmAnJOgaZwvnoMVh8/
Targets
Target: AWB NO. 1456977583.exe
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext