General
Target: 100 gab.lzh
Size: 809KB
Sample: 230315-vgmt6sed25
MD5: 6d9a4b53ccddd2d55f221b70752619cd
SHA1: 59bbd40e4f9b563455731ab0d3ac88f4cbf3695b
SHA256: 377eb922e14bd12146be4873fe968b8864cb1d6682e4f3244907add31feba517
SHA512: d5acde6240d52227627f90b5279e3d33b61d9d4dd6f61010d0cb62f3499dae7e680a36e9fb81523707c1b4db6b72a8cb591ca41373d7206ef9b33095511ce28d
SSDEEP: 24576:5p7wYHABtDg2P55mzVT/ZwzR2lpb6JomaqIon2C:zkuOgs5kF/ER2Tb6Jkon2C
Static task: static1
Behavioral task: behavioral1
  Sample: 100 gab.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 100 gab.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/
Targets
Target: 100 gab.exe
Size: 1.2MB
MD5: 38462e84ce0cb6d961452e6b0e20c83c
SHA1: 86bf94777e67a820191cec9857182ff6d404539d
SHA256: 8cc7a30b218d8c4e4dbeef936290a726ebfdb9ea1b9af35dab970ce4bb5352bc
SHA512: ce0c3020cdc5576d0437778db2e6521d77872a3d02c755430afdce41321c8489b2c80eff05beaa7bb8e63d3c4abc2298e3fdaca8bd2389027cf1cab4f3ec5820
SSDEEP: 24576:QqGnNerctUvpL0V5Uk86JsJPG8ODWfMMFR5UitDJ6Bz5d:lctOpaWo8aWfLF/f6Bz5d
AgentTesla: Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (Visual Basic); this sample's extracted configuration exfiltrates over the Telegram Bot API.
Checks computer location settings: looks up the country code configured in the registry, most likely to geofence execution.
Accesses Microsoft Outlook profiles: reads Outlook profile data, consistent with harvesting stored mail credentials.
Looks up external IP address via web service: queries a legitimate IP lookup service to learn the infected system's external IP.
Suspicious use of SetThreadContext: rewriting another thread's context is a common step in process hollowing and similar code injection, where the payload is written into a suspended process and its entry point redirected.
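The extracted Telegram Bot API URL above and the external-IP lookup signature both translate directly into network detection. The following is an added example, not code from tria.ge or from the sample: it parses the extracted C2 URL into indicators (host, bot id, full token) and then scans proxy log lines for the exact token, for any other Telegram Bot API traffic from endpoints, and for requests to common IP lookup services. The log line format, the sample log lines and the list of IP lookup hosts are constructed for the example and are not taken from the report.

```python
import re
from urllib.parse import urlsplit

# C2 URL exactly as extracted by the sandbox from this sample's configuration.
EXTRACTED_C2 = "https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/"

# Telegram Bot API paths look like /bot<numeric id>:<35-character secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})(?:/(?P<method>[A-Za-z]+))?/?$"
)

# External-IP lookup services; an assumed list of commonly abused hosts, not from the report.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ip-api.com", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com"}


def parse_bot_url(url):
    """Split a Telegram Bot API URL into host, bot id, full token and API method.

    Returns None when the URL is not a Bot API endpoint."""
    parts = urlsplit(url)
    if parts.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(parts.path)
    if not m:
        return None
    return {
        "host": parts.hostname,
        "bot_id": m.group("bot_id"),
        "token": f"{m.group('bot_id')}:{m.group('secret')}",
        "method": m.group("method"),
    }


def scan_proxy_log(lines, known_token):
    """Flag proxy log lines that match the extracted C2 or look like stealer activity.

    Each line is assumed to be whitespace separated as
    '<timestamp> <client_ip> <method> <url> <status>' (constructed format).
    Returns a list of (line_number, severity, reason)."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than abort the whole scan
        url = fields[3]
        host = urlsplit(url).hostname
        bot = parse_bot_url(url)
        if bot is not None:
            if bot["token"] == known_token:
                hits.append((n, "high", f"known Agent Tesla bot token, method={bot['method']}"))
            else:
                # Any Bot API call from a workstation deserves a look; the token is the exfil channel.
                hits.append((n, "medium", f"Telegram Bot API use from endpoint, bot_id={bot['bot_id']}"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((n, "low", f"external IP lookup via {host}"))
    return hits


# Constructed sample proxy log lines for demonstration; they are not from the report.
SAMPLE_LOG = [
    "2023-03-15T17:01:02Z 10.0.0.12 GET http://api.ipify.org/ 200",
    "2023-03-15T17:01:05Z 10.0.0.12 POST https://api.telegram.org/bot5693068931:AAGSQSNIWDJM1FzeZVNHS020I9wVBrQdkRM/sendDocument 200",
    "2023-03-15T17:02:10Z 10.0.0.44 GET https://api.telegram.org/bot1234567890:ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghi/getMe 200",
    "2023-03-15T17:03:00Z 10.0.0.12 GET https://www.microsoft.com/ 200",
]

if __name__ == "__main__":
    c2 = parse_bot_url(EXTRACTED_C2)
    print("bot id:", c2["bot_id"])
    for hit in scan_proxy_log(SAMPLE_LOG, c2["token"]):
        print(hit)
```

The severity split matters in practice: the exact token is a one-sample indicator and goes stale when the operator rotates bots, whereas "Bot API traffic from an endpoint that has no business talking to Telegram" and "IP lookup followed by Bot API POST from the same host" are the durable patterns, so block or alert on the bot path shape, not only on this token.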