General
- Target: 771a4f1bed87b5336b188cfb31c5c200.bin
- Size: 711KB
- Sample: 230325-bzlv2sae24
- MD5: 0277dfad24ef08cffdc8990b6436b114
- SHA1: 919a15ebc29178387d69e96d7554e5c7ed7a18d9
- SHA256: f6342898baf831714973ff440665f1faa69a03d62b99739603385baf90ac872c
- SHA512: 1412315c182e79dc0cdc495fea2207681544332e87c0f99063375d170fac20b83415cb3d84e6e1cbd61d398e0c240c7dc1ff8e4a3e166f34701a28bdd49d1e20
- SSDEEP: 12288:fc78Gc2xxKaEK6jkyQX7RRpjiSmVHNVkb0NzDmWqdjYnypRBTt1OCpmHZVay9IDA:E7c2xx4ljSRRpkTVqGzDm3djYnypeC85
Static task: static1
Behavioral task: behavioral1
- Sample: b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: agenttesla
- URL: https://api.telegram.org/bot1749457201:AAGWIY2QPzrHZIumAIUsWjyRAEWcJrauccY/
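The extracted URL is a Telegram Bot API endpoint: the path segment after `bot` is the bot's credential in the form `<numeric bot id>:<35-character secret>`, so it doubles as a high-confidence network indicator and as a pivot to other samples run by the same operator. The following Python script is an added example (not part of the Triage report or its tooling) that parses the URL above into bot id and token and then checks constructed proxy log lines for Bot API traffic. The log format (`timestamp client method url status`), the `api.ipify.org` lookup, and the `sendDocument` method name in the sample lines are assumptions made for the example; the token itself is the one reported above. Any request to `api.telegram.org/bot<id>:<token>/...` from a workstation is reported, not only the known token, because operators rotate bots.

```python
"""Turn the Telegram C2 URL extracted by the sandbox into a network indicator
and check it against proxy logs. Added example, not Triage's own code."""
import re
from urllib.parse import urlsplit

# Telegram Bot API credentials look like "<numeric bot id>:<35 chars of [A-Za-z0-9_-]>".
TOKEN_RE = re.compile(r"bot(\d+):([A-Za-z0-9_-]{35})")

# The URL the sandbox extracted from this sample (taken from the report above).
EXTRACTED_C2 = "https://api.telegram.org/bot1749457201:AAGWIY2QPzrHZIumAIUsWjyRAEWcJrauccY/"


def parse_telegram_c2(url):
    """Return (bot_id, token) for a Telegram Bot API URL, or None for anything else."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.hostname != "api.telegram.org":
        return None
    first_segment = parts.path.strip("/").split("/")[0]
    m = TOKEN_RE.fullmatch(first_segment)
    return (m.group(1), m.group(2)) if m else None


def scan_proxy_log(lines, known_tokens=()):
    """Flag requests to the Telegram Bot API in a proxy log.

    Each line is assumed (constructed format for this example) to be:
        <timestamp> <client ip> <method> <url> <status>
    Every bot-token URL is reported; a token listed in known_tokens is marked known.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue
        ts, client, _method, url, _status = fields
        parts = urlsplit(url)
        if parts.hostname != "api.telegram.org":
            continue  # plain telegram.org browsing is not Bot API traffic
        m = TOKEN_RE.search(parts.path)
        if not m:
            continue
        hits.append({
            "time": ts,
            "client": client,
            "bot_id": m.group(1),
            "api_method": parts.path.rstrip("/").split("/")[-1],
            "known": m.group(2) in known_tokens,
        })
    return hits


# Constructed log lines for the example; the IP-lookup host and method names are assumed.
SAMPLE_LOG = [
    "2023-03-25T06:02:11Z 10.0.0.5 GET https://api.ipify.org/ 200",
    "2023-03-25T06:02:13Z 10.0.0.5 POST " + EXTRACTED_C2 + "sendDocument 200",
    "2023-03-25T06:05:40Z 10.0.0.9 GET https://telegram.org/ 200",
    "2023-03-25T06:07:02Z 10.0.0.9 POST https://api.telegram.org/bot5550001:" + "x" * 35 + "/sendMessage 200",
]

if __name__ == "__main__":
    bot_id, token = parse_telegram_c2(EXTRACTED_C2)
    print("bot id:", bot_id)
    for hit in scan_proxy_log(SAMPLE_LOG, known_tokens={token}):
        print(hit)
```

Matching on the bot id rather than the full token is enough for correlation, and keeps the secret out of detection rules that get shared widely.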
Targets
- Target: b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70.exe
- Size: 808KB
- MD5: 771a4f1bed87b5336b188cfb31c5c200
- SHA1: e54c44c009fb78e3cb053af5bee0a728fcf4dcb3
- SHA256: b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70
- SHA512: 12fdbe85217e2174db08139ae46f8dc3761c835d14458d4ef11e56341f0541b1d464ef9ac3fb2fc533b2980d28c26dbcdf38d559d26fb791c4d5480de2796049
- SSDEEP: 12288:Ag5Zwdbch9SgZWoXylevNyZeAC9aSyBZOYNsg0aTAHru5iMHixKCrYrE:AeZGbch9/Eo1Vy4794BZODg6Hs9iMCc
- AgentTesla: Agent Tesla is a remote access tool (RAT) and information stealer written in Visual Basic .NET.
- Checks computer location settings: Looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext
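The last signature is worth a closer look: SetThreadContext on its own is legitimate (debuggers and exception handling use it), but when the same caller creates a child process suspended, writes into it, rewrites a thread context and then resumes it, that is the process-hollowing sequence. The following Python script is an added example (not Triage's signature logic) that applies that ordering check to a constructed API trace. The record layout (`pid`, `target`, `call`, `flags`, `image`) and the pids are invented for the example; the caller image name is the sample from this report, and `CREATE_SUSPENDED` is the documented `CreateProcess` flag value.

```python
"""Check a per-target API call chain for the SetThreadContext pattern flagged above.
Added example with a constructed trace, not Triage's own signature logic."""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit

# Calls that must land, in this order, on the same suspended child process.
HOLLOW_CHAIN = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def in_order(seq, needed):
    """True if every name in needed occurs in seq in that relative order."""
    it = iter(seq)
    return all(any(x == n for x in it) for n in needed)


def find_hollowing_chains(trace):
    """Return one finding per (caller, child) pair where the child was created
    suspended and then written to, had a thread context rewritten, and was resumed.

    Each record is assumed to be a dict with keys call, pid (caller), target
    (the pid the call acts on), image (caller image) and, for CreateProcess, flags.
    """
    by_pair = defaultdict(list)
    for rec in trace:
        by_pair[(rec["pid"], rec["target"])].append(rec)

    findings = []
    for (caller, target), calls in by_pair.items():
        if caller == target:
            continue  # a process touching its own threads is not hollowing
        suspended = any(
            c["call"] == "CreateProcess" and c.get("flags", 0) & CREATE_SUSPENDED
            for c in calls
        )
        if suspended and in_order([c["call"] for c in calls], HOLLOW_CHAIN):
            findings.append({"caller": caller, "target": target,
                             "image": calls[0].get("image")})
    return findings


# Constructed trace for the example; pids and the benign records are invented.
SAMPLE_IMAGE = "b608ae4e41f90a368ec3b9d29346c01a0322f6b7d8e96334070240fbbeba2c70.exe"
SAMPLE_TRACE = [
    {"pid": 1234, "image": SAMPLE_IMAGE, "call": "CreateProcess", "target": 4444, "flags": CREATE_SUSPENDED},
    {"pid": 1234, "image": SAMPLE_IMAGE, "call": "WriteProcessMemory", "target": 4444},
    {"pid": 1234, "image": SAMPLE_IMAGE, "call": "SetThreadContext", "target": 4444},
    {"pid": 1234, "image": SAMPLE_IMAGE, "call": "ResumeThread", "target": 4444},
    # benign: a shell starting a child without suspending it
    {"pid": 900, "image": "explorer.exe", "call": "CreateProcess", "target": 5000, "flags": 0},
    # benign: a process adjusting the context of one of its own threads
    {"pid": 900, "image": "explorer.exe", "call": "SetThreadContext", "target": 900},
]

if __name__ == "__main__":
    for finding in find_hollowing_chains(SAMPLE_TRACE):
        print(finding)
```

Keying on the (caller, target) pair rather than on the caller alone keeps a process that legitimately spawns many children from being flagged because one unrelated call in its history happened to be SetThreadContext.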