General
Target: b24f91678b1ea52dfb9b6b2ed16cb5ad6cf9dea8b62788ebf07013473be26469.zip
Size: 721KB
Sample: 230308-mf75qaeh7y
MD5: 6bd7be7946bc85720c40e8a9f174f0de
SHA1: 251ed23a0a852d8fb5be3f9784b180a1bc73b166
SHA256: ffaaea95eb209c78be33b54c3f7a8fde11636a68622e9c941817e1fb95356b77
SHA512: f20b075fe0fffab773a4e2f2fe1f517a2455b5c2473223c71fba9f4f213e84c665259190baaf4bcde37ec1ba5644b793e27ebf4d3d21e73b684cffdacecce9af
SSDEEP: 12288:x8cNng2w+u2fc01EwmlXsKvyQ6XCT1C2ccdMY5HcQrxq1HTshkyLu8kW:xTNng2c4cjXTlYCY25MY58aq1HwtuLW
Static task: static1
Behavioral task: behavioral1
  Sample: Pagamento,jpeg.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Pagamento,jpeg.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: mail.woxi.cz
  Port: 587
  Username: [email protected]
  Password: bg58gt
  Email To: [email protected]
Targets
Target: Pagamento,jpeg.exe
Size: 866KB
MD5: b2365f9bf7c265399ea9b8509b66e9f4
SHA1: 8e0908c7655d5e82edef84667063eee0208a47e3
SHA256: 4bc2eb04a6c26b53567b75b2b1a7269ba31b13d69234dbd16d029f6265656061
SHA512: f0d804cb6a7647fcbf5da4e380033ec9697d26cf26c85c3edfc5feafc3c3f5e8399b3c4a570ebf51ea432f2a322320b3be5b919d357c291f620c19790845e07a
SSDEEP: 12288:HTa/5u62iNVd0cPnlpDcbz6cyyxVv7Vbl9d74iYwLStOc2b4HV9Tx4uJvYpG:za/5u61Xd0Glp6xndUiYwLStOc2mVBl
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext