General
Target: Meidoh RFQ IND.2023.exe
Size: 332KB
Sample: 230213-hyrs8sba3w
MD5: 889ce644fc58e8493c76fdc886340bb9
SHA1: 11826787f0f2fcf9d2c959b9e992f1639b4938ba
SHA256: 08477ca70902dc2098c13b61d3661c0defe17a1e42195cdc6b1bdb7af2d98e2d
SHA512: 5c7331db00b0188e5db661061bf7d4bb426d51906e4193e3e6ff588089b335ab0f4c6aa2a8f02efc79b3b41405c2e44a2385f97d828cba481ad7f4474d6d2d34
SSDEEP: 6144:vYa6vOKlv2G7Pqj+tDlfhnQjbNKA/eYaLJMqTqoFZOR79j208j:vYtxlv28qjYDpn/XTJ27R8j
Static task: static1
Behavioral task: behavioral1
  Sample: Meidoh RFQ IND.2023.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: Meidoh RFQ IND.2023.exe
  Resource: win10v2004-20221111-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.azmlogistics.com
Port: 587
Username: [email protected]
Password: cJ0Py0z8]6@U
Email To: [email protected]
Targets
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext