General
- Target: SecuriteInfo.com.Trojan.Inject4.30942.29613.29881.exe
- Size: 1.7MB
- Sample: 230302-rt6ahadc93
- MD5: b590f332b0fa48f20e7c9876fd2ec185
- SHA1: 3914b5911e3265d50d81b700ff980c7013030eb4
- SHA256: afaa75058c4de5013c9a5dafba07e7952b354152719d373e18a226de484b7a46
- SHA512: 421972f8fff817a2f1371d95f11cea5ae85555d4a5fe207e9e3b2d45ef2593580802493a1853043f725a58a88acad8c3610e1a3822370e3cbd11472599ab9ac8
- SSDEEP: 24576:mGgTwzGtL5DmOlHCeEzyjDjXZCX5OBHCGds9L:m5tNvCeEccX5OEl
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.Inject4.30942.29613.29881.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.Trojan.Inject4.30942.29613.29881.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.donadorotea.com
- Port: 587
- Username: [email protected]
- Password: $TH!4vHd2ymR
- Email To: [email protected]
Targets
- Target: SecuriteInfo.com.Trojan.Inject4.30942.29613.29881.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext