General
Target: 854CC0F842D4859CBCA2E39C979BF3FEC8A6D5E051B5A53C86286F8E8FD85A67
Size: 700KB
Sample: 230314-rt355shh3w
MD5: 1b6f9268188aad2cc59e677516a3f277
SHA1: 8b48baba5904d58f2e973f7fe7a434776d1d6ba2
SHA256: 854cc0f842d4859cbca2e39c979bf3fec8a6d5e051b5a53c86286f8e8fd85a67
SHA512: dfbb5cbdaec1b1ef233953efc21c62212c4986e368dd4901abd1118d03b634ce48a0682f1db5f40cd3dec345c2a812fe47960ca34dadb285368222a7ddc843c5
SSDEEP: 12288:w6HB1LACXPRJtAttAA/dIDgASY+40UZwX/2E/ZABekcCIdENd0HpwCTqbDoZP8jt:ZH7ACXJJW5AgASY2UZs2E/yBnlIdsdgS
Static task: static1
Behavioral task: behavioral1
Sample: orden-PO-23-016124.pdf.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: orden-PO-23-016124.pdf.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: beracas.com
Port: 587
Username: [email protected]
Password: W4})=!Y3iN3r
Email To: [email protected]
Targets
Target: orden-PO-23-016124.pdf.exe
Size: 1.1MB
MD5: 24d8621ee7b70a6a24925601483e87b3
SHA1: 23a301dc6e66cc130e0058b5f4750764b534099c
SHA256: 1ffecb8a3412fd17b26039c365fb064e79b95f63bf90d91960d6899d9d433c5e
SHA512: 1ef22babb12b993ae34c9ed113ac8f5a844757aa4b6e44628566bc6f0aef622f75392f3953455a813afa209673e07dd66317f594005f9d18ece538d2456dc5a2
SSDEEP: 24576:8lzK0pQ0s5DxINyRbk5MNyN3LALuhdugI8dnjMFct2j:85ZpQP2NyRbk5130qdug7djC
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext