Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
tmp
-
Size
952KB
-
Sample
230316-meyjwscf4s
-
MD5
9dd97b3380058856a357c1f1185459e5
-
SHA1
03265ace06f8556bc9778f6ec9a7d41f25aa1544
-
SHA256
ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b
-
SHA512
cef0de270220546566cb4097ae370402209ad4955959356a9c271dcda751d7ae183e82a155de4d6ea1530be765709b27607adce615581c9d0b444c494c02697e
-
SSDEEP
24576:vq2JThA+pEWsz5VrPH4BpvpiFDqlWUu5rVwHz:v/FSaRsDzYBvuWsU
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.huiijingco.com - Port:
587 - Username:
[email protected] - Password:
lNLUrZT2
Targets
-
-
Target
tmp
-
Size
952KB
-
MD5
9dd97b3380058856a357c1f1185459e5
-
SHA1
03265ace06f8556bc9778f6ec9a7d41f25aa1544
-
SHA256
ffd22ff93a2dcc371fd090f4855494e14ebdd61fbd1c4995a31b3dfb74bade9b
-
SHA512
cef0de270220546566cb4097ae370402209ad4955959356a9c271dcda751d7ae183e82a155de4d6ea1530be765709b27607adce615581c9d0b444c494c02697e
-
SSDEEP
24576:vq2JThA+pEWsz5VrPH4BpvpiFDqlWUu5rVwHz:v/FSaRsDzYBvuWsU
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-