General
Target: a983dd23ea30dc4c94881bf5e3a2fbdc.exe
Size: 800KB
Sample: 230317-lc29mafd65
MD5: a983dd23ea30dc4c94881bf5e3a2fbdc
SHA1: 7345aeef2a379727c9d0d5d4d83880f943a2b101
SHA256: f5d87682a45a92cc4dbea8ef788846df4492501ffea1ef1da4fbe7372ee5f44d
SHA512: b3cf61f082bcdcddc089f3613838caa2cb8cb56eb0c0c2a10d079b5d98a3cd08d938c7a6527232095ba496015444dc2d584b46ec673b2b09d8d84acadebba841
SSDEEP: 12288:gE4sQwoLkO6fAkflhth006PNF/ss+FG5oWknid2IKZjigx98kBnuC8dLvFzPQ:gsQwcKnU06PNFUs+a94Xx99BDOzPQ
Static task: static1
Behavioral task: behavioral1
  Sample: a983dd23ea30dc4c94881bf5e3a2fbdc.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: a983dd23ea30dc4c94881bf5e3a2fbdc.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted family: agenttesla
C2 / exfiltration endpoint: https://api.telegram.org/bot5806691582:AAH6u3QmlmdvCPddcnWF_1vIYT8ymbk2K8M/
This is a Telegram Bot API endpoint: the path segment after "bot" is the bot token (numeric bot ID, a colon, then the secret). The token is the indicator to block and hunt for; the api.telegram.org host alone is shared with legitimate traffic and is a weak match on its own.
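The extracted C2 above is a Telegram Bot API endpoint. As an added example (not part of the tria.ge report or of Agent Tesla), the Python below parses that URL into bot ID and secret and then matches the token against proxy-style log lines. The log format, host names, process names and the second bot token are constructed for the example; `find_any_bot_api` goes beyond the exact-token match and returns every Bot API request, which is the broader hunt to run when the token is not known in advance.

```python
"""Added example: match Telegram Bot API exfiltration against an extracted Agent Tesla config.

Parses the C2 URL from the report's "Malware Config" section, pulls out the bot
identifier and secret, and scans proxy-style log lines (constructed here) for
requests that use the same token. The key=value log format is an assumption,
not a real product's format.
"""
import re
from urllib.parse import urlparse

# The URL extracted from the sample's config (from the report above).
EXTRACTED_C2 = "https://api.telegram.org/bot5806691582:AAH6u3QmlmdvCPddcnWF_1vIYT8ymbk2K8M/"

# Bot API paths look like /bot<numeric id>:<secret>/<method>; the method may be absent.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)(?:/(?P<method>[A-Za-z]+))?/?$"
)


def parse_telegram_c2(url):
    """Return {"bot_id", "secret", "method"} for a Telegram Bot API URL, or None otherwise."""
    u = urlparse(url)
    if u.scheme not in ("http", "https") or u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if not m:
        return None
    return {"bot_id": m.group("bot_id"), "secret": m.group("secret"), "method": m.group("method")}


# Constructed proxy log lines used as sample input (assumed key=value format).
# The 1234567890:ZZZZ... token is made up to stand in for an unrelated, legitimate bot.
SAMPLE_LOG = """\
2023-03-17T11:02:09Z host=WS-042 proc=a983dd23ea30dc4c94881bf5e3a2fbdc.exe method=POST url=https://api.telegram.org/bot5806691582:AAH6u3QmlmdvCPddcnWF_1vIYT8ymbk2K8M/sendDocument status=200
2023-03-17T11:03:15Z host=WS-017 proc=chrome.exe method=GET url=https://www.example.com/ status=200
2023-03-17T11:04:40Z host=WS-031 proc=python.exe method=POST url=https://api.telegram.org/bot1234567890:ZZZZexampleTOKENexampleTOKENexample_A/getUpdates status=200
2023-03-17T11:06:02Z host=WS-042 proc=a983dd23ea30dc4c94881bf5e3a2fbdc.exe method=POST url=https://api.telegram.org/bot5806691582:AAH6u3QmlmdvCPddcnWF_1vIYT8ymbk2K8M/sendMessage status=200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) method=(?P<http>\S+) url=(?P<url>\S+)"
)


def _records(log_text):
    """Yield (parsed log fields, parsed Bot API fields or None) for each well-formed line."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict(), parse_telegram_c2(m.group("url"))


def find_exfil(log_text, c2_url=EXTRACTED_C2):
    """Return log records whose bot token equals the one in the extracted config."""
    target = parse_telegram_c2(c2_url)
    if target is None:
        raise ValueError("config URL is not a Telegram Bot API endpoint")
    hits = []
    for rec, seen in _records(log_text):
        if seen and (seen["bot_id"], seen["secret"]) == (target["bot_id"], target["secret"]):
            hits.append({"ts": rec["ts"], "host": rec["host"], "proc": rec["proc"], "method": seen["method"]})
    return hits


def find_any_bot_api(log_text):
    """Broader hunt: every request to a Bot API path, regardless of token. Review the process names."""
    return [{"ts": rec["ts"], "proc": rec["proc"], "bot_id": seen["bot_id"]}
            for rec, seen in _records(log_text) if seen]


if __name__ == "__main__":
    for hit in find_exfil(SAMPLE_LOG):
        print("token match:", hit)
    for hit in find_any_bot_api(SAMPLE_LOG):
        print("any bot api:", hit)
```

The exact-token match is the high-confidence alert; the broader list is where an unknown Agent Tesla build (different token, same technique) shows up, so triage it by process name rather than by host.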
Targets
Target: a983dd23ea30dc4c94881bf5e3a2fbdc.exe
Size: 800KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above (same file submitted to both behavioral tasks).
Signatures:
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, originally written in Visual Basic.
- Accesses Microsoft Outlook profiles: reads stored Outlook account profiles, where saved mail credentials live; consistent with the stealer's credential harvesting.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The request itself is benign-looking, so correlate it with the process that made it rather than alerting on the service alone.
- Suspicious use of SetThreadContext: rewriting another thread's context is the step in process hollowing (RunPE) where a suspended host process's entry point is redirected to injected code before the thread is resumed.
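The SetThreadContext signature above fires on one API call; what makes it suspicious is the sequence around it. As an added example (not tria.ge's detection logic), the Python below walks a constructed API-call trace and flags only callers that create a process suspended, write into it, set a thread context and then resume it. The trace format, PIDs and the RegSvcs.exe host image are assumptions for the example; a tracer that resolves handles to target PIDs is also assumed.

```python
"""Added example: flag the process-hollowing sequence behind a SetThreadContext signature.

Input is a constructed trace of (caller_pid, api_name, args). Handles are assumed to be
resolved to target PIDs by the tracer. RegSvcs.exe as the hollowed host is an illustrative
choice, not something the report states.
"""

CREATE_SUSPENDED = 0x00000004

# Stages of the classic RunPE / process-hollowing sequence, in the order they must occur.
STAGES = ("create_suspended", "write_memory", "set_thread_context", "resume_thread")

# Which APIs advance the sequence: api -> (stage required before, stage reached after).
ADVANCE = {
    "WriteProcessMemory": ("create_suspended", "write_memory"),
    "SetThreadContext": ("write_memory", "set_thread_context"),
    "ResumeThread": ("set_thread_context", "resume_thread"),
}

# Constructed sample trace.
SAMPLE_TRACE = [
    (1580, "CreateProcessW", {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe",
                              "dwCreationFlags": 0x4, "child_pid": 2260}),
    (1580, "NtUnmapViewOfSection", {"target_pid": 2260}),
    (1580, "VirtualAllocEx", {"target_pid": 2260, "size": 0x1F000}),
    (1580, "WriteProcessMemory", {"target_pid": 2260, "size": 0x400}),
    (1580, "WriteProcessMemory", {"target_pid": 2260, "size": 0x1A000}),
    (1580, "SetThreadContext", {"target_pid": 2260}),
    (1580, "ResumeThread", {"target_pid": 2260}),
    # Debugger-style launch: suspended create then resume, with no memory writes in between.
    (3100, "CreateProcessW", {"image": r"C:\tools\helper.exe", "dwCreationFlags": 0x4, "child_pid": 3120}),
    (3100, "ResumeThread", {"target_pid": 3120}),
    # Ordinary launch: not suspended, so never tracked.
    (4000, "CreateProcessW", {"image": r"C:\Windows\System32\notepad.exe", "dwCreationFlags": 0x0, "child_pid": 4010}),
]


def track_hollowing(trace):
    """Walk the trace; return {(injector_pid, child_pid): furthest stage reached}.

    Only children created with CREATE_SUSPENDED are tracked, and a stage advances only
    from the stage immediately before it, so ResumeThread straight after a suspended
    create (no writes, no context change) never reaches the final stage.
    """
    state = {}
    for caller, api, args in trace:
        if api in ("CreateProcessA", "CreateProcessW"):
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                state[(caller, args["child_pid"])] = "create_suspended"
            continue
        key = (caller, args.get("target_pid"))
        if key not in state or api not in ADVANCE:
            continue
        required, reached = ADVANCE[api]
        if state[key] == required:
            state[key] = reached
        # Repeated WriteProcessMemory calls at write_memory leave the state unchanged.
    return state


def detect_hollowing(trace):
    """Return one finding per (injector, child) pair that completed the whole sequence."""
    return [
        {"injector": injector, "child": child}
        for (injector, child), stage in track_hollowing(trace).items()
        if stage == "resume_thread"
    ]


if __name__ == "__main__":
    for finding in detect_hollowing(SAMPLE_TRACE):
        print("process hollowing:", finding)
```

Requiring the full ordered sequence is what keeps debuggers and installers that legitimately use CREATE_SUSPENDED out of the alert; a single SetThreadContext call, as the signature name suggests, is only a lead.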