Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Enq.exe
-
Size
787KB
-
Sample
230330-lerkxabh88
-
MD5
6ed649d0c104c49ca0860b86268ade72
-
SHA1
1070fde85bf28fdeb33255f257f8097b0d7bbfee
-
SHA256
f388b5e3cf8b41bf483a00dcd8d53cc02c298ec970510f68190e33992b184440
-
SHA512
fe5b7b32b1ddf5dd855679f16953e73cd955c08841df6663ecaf044e1fd212413015ff4ff23cc9633b99706cf1d8d414f22af427eadb5fd4612e56609aefa789
-
SSDEEP
12288:Um6Fhabqd0fHIEaRpU33i2/ku1a1o+ieILBN8e8WmbaCVLw7zW0uyF32g5mKI1bf:URt0cRpUHdHBNX2aaw7zjwgOJ
Static task
static1
Behavioral task
behavioral1
Sample
Enq.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Enq.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.yandex.com - Port:
587 - Username:
[email protected] - Password:
General1248@1 - Email To:
[email protected]
Targets
-
-
Target
Enq.exe
-
Size
787KB
-
MD5
6ed649d0c104c49ca0860b86268ade72
-
SHA1
1070fde85bf28fdeb33255f257f8097b0d7bbfee
-
SHA256
f388b5e3cf8b41bf483a00dcd8d53cc02c298ec970510f68190e33992b184440
-
SHA512
fe5b7b32b1ddf5dd855679f16953e73cd955c08841df6663ecaf044e1fd212413015ff4ff23cc9633b99706cf1d8d414f22af427eadb5fd4612e56609aefa789
-
SSDEEP
12288:Um6Fhabqd0fHIEaRpU33i2/ku1a1o+ieILBN8e8WmbaCVLw7zW0uyF32g5mKI1bf:URt0cRpUHdHBNX2aaw7zjwgOJ
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-