General
Target: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae
Size: 514KB
Sample: 230306-dfmpcaad48
MD5: 81171a0c4fbe80b5f7bc9d41ee97b753
SHA1: 0b7584836b43afad22e8e863b2827e7be6b27a1b
SHA256: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae
SHA512: abd290679554d99e221398588e43bb78d6e7aaa03a201a008614572298c25e3066b775ffc8871533a4299c1e2594b4c9748b168ea15804908908d48cfc224812
SSDEEP: 12288:qYi8LodU2EEA7Znkj/tiDsJhDbCbQbJTvIN6:qYioh2Eoj/I4zIN6
Static task: static1
Behavioral task: behavioral1
  Sample: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot6277254729:AAH9hHYZNSDZac0nNvgmchkZF8WVRKU5dJ0/
Targets
Target: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae
Size: 514KB
MD5: 81171a0c4fbe80b5f7bc9d41ee97b753
SHA1: 0b7584836b43afad22e8e863b2827e7be6b27a1b
SHA256: 36b012ce5d49946e13199b08e3b41589b4eeb80e429628031d6aab90bb2804ae
SHA512: abd290679554d99e221398588e43bb78d6e7aaa03a201a008614572298c25e3066b775ffc8871533a4299c1e2594b4c9748b168ea15804908908d48cfc224812
SSDEEP: 12288:qYi8LodU2EEA7Znkj/tiDsJhDbCbQbJTvIN6:qYioh2Eoj/I4zIN6
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Suspicious use of SetThreadContext