Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
e-dekont-20230206.exe
-
Size
679KB
-
Sample
230207-vmwn9sga5x
-
MD5
33a5f92deee382035467caff29a8d487
-
SHA1
7e6daec4a2a4dde0f5148df4165fa8cebb7011e4
-
SHA256
e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666
-
SHA512
c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af
-
SSDEEP
12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu
Static task
static1
Behavioral task
behavioral1
Sample
e-dekont-20230206.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e-dekont-20230206.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
https://discord.com/api/webhooks/1063267560818233445/Ga1uL1m9HE258QH4hqiVhVH5m98lA3rsO835awvMXcR1F31nnHHfghtrbDwRtJci1Osr
Targets
-
-
Target
e-dekont-20230206.exe
-
Size
679KB
-
MD5
33a5f92deee382035467caff29a8d487
-
SHA1
7e6daec4a2a4dde0f5148df4165fa8cebb7011e4
-
SHA256
e3b4406836308220da7989e5d539486ee1b71b4cc25a822e056993ab44675666
-
SHA512
c2c3a2ffc2719245166a561050a0c4d9ece584dea47997bb5db1cc30885e31e2a5af3cfbb27526835b10bdda71b572c307e8704a1ac53e9119cfe63c760f66af
-
SSDEEP
12288:vjsouJ3dUctF0KHbYXj/oNmsNjMQWwBTMYvwgScpK3J+ZBJwsscBDZn0Vx1NdB:2NUc7TbEDoNtQQWwKYvJScg63scDnu
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-