General
- Target: EX776534570643699755 pdf.ace
- Size: 474KB
- Sample: 230315-kycenacd67
- MD5: b9491bfe09135071c4c6a4cb33114a73
- SHA1: c896bd72f3abf6087ff9c8f425aa60f5f2b2415f
- SHA256: d6743c07232b66f82d80878dc9ae5b43e67ea6d68bb4bda22eca9bca90887d1c
- SHA512: d1c0f7dd7a7a0bb29006540ddb20b20d0cb64be9bdd1c3906eb7b79f3df4b34277d13b3e5f8728ba1bfef24a9bed6ccee3b8afe27e59deeaaac6735d66ec891f
- SSDEEP: 12288:SPzylss8YMhYPNg765a9KLvvJbINuAAZrz:Aw8YjPe90vvJqAVz
Static task: static1
Behavioral task: behavioral1
- Sample: EX776534570643699755 pdf.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: EX776534570643699755 pdf.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5970985875:AAGxcS7riy4ZlEmFj2Z031AsUoRvment2iI/
Targets
- Target: EX776534570643699755 pdf.exe
- Size: 673KB
- MD5: c807619e765372c445ac017f698cb599
- SHA1: f9e86104957700ee8b09c9d1608c12980de3e7d8
- SHA256: d4619f2c2ee3ce4f61be21cc18a66a05dc704c21e4db962ffa376ab4e60508ef
- SHA512: fc2ac83f3401e305a9676ad091e95ecf071f3f43f3356618152f1f9325cd63438ad88a4516903d98e3a21db9e7263212b567f188c4db2435eb1f81add2331e83
- SSDEEP: 12288:QRE+OaItl2/qi+e0pvblMB6FmQoEGmKbk:q3CiNEeQwmK
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext