Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
28de18cf90f5beb1eacb1250791b85f689ac9df67c85578f6d62adcb46fe35a1.zip
-
Size
397KB
-
Sample
230208-lx88nsaa89
-
MD5
3501e3e621cf72f8bdf85322a9492141
-
SHA1
d92661922a2c9b5a43c2cd663817a8282470c0c8
-
SHA256
38145f2e83a343e639ad3b22c98ade7cf6383d01ce053be7cf8dd7b2b2d147d7
-
SHA512
25d82d3bda05c39735140b3f96e8e28905941f89038687885c55a5205e5e46b9d4efce6ebe1bf4528f9e5e2db4fc10609e550a24b7c084e9cfe0870abadbecef
-
SSDEEP
12288:C3fxQoWqCWuCCMW8Eq4NEf8IKD9iPCsNHb:sxPwqIE019YR
Static task
static1
Behavioral task
behavioral1
Sample
30% proforma invoice.pdf.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
30% proforma invoice.pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.ppecindia.com - Port:
587 - Username:
[email protected] - Password:
accounts@123$ - Email To:
[email protected]
Targets
-
-
Target
30% proforma invoice.pdf.exe
-
Size
567KB
-
MD5
75e1d17c8431d6b7d840fcdfe0dd9a2d
-
SHA1
3a71b6a0b1e6bdfbe6b3ed9624f17f504072f068
-
SHA256
efa920373efaa4bd26fb1704e6ea6cb05ed8e91b5e552db7ff2a7764ace07758
-
SHA512
f6e9ed253e735bfd95392914d33eacd0c70057e1335b6f2564ba7d40455bec2249bb842042b866bf35c9364383ea8882adb20cd1d26f780e08dfb35d88bc9777
-
SSDEEP
12288:9cBXiEZz7yDne7f4WYMTyPdLX2tuCAe/ZXazVt1Ek6ugpRZN7gNFSxCDH:uRJe7MTyPdLX2tuCAe/ZXazSkKacxC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-