Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Yeni siparis listesi13042023.exe
-
Size
804KB
-
Sample
230414-gx7ydsgf27
-
MD5
3e6b260fdedc8b1e355dbe207e877339
-
SHA1
cfa9fa23b7af8283cd4c6fc38cb886b9d0d391ed
-
SHA256
1c86b0e202a10381d1c05101386cf2903d501b444d73184e9a38f02f1248fcb1
-
SHA512
3ced366b356c8da4cb3abfb9f6f0d1946484fd359bd19580984cff083fc728e4d2df1d1bb3d4d76fd0f5c5a198e3ababde8dc19b1f3311147ab44a88ed01a11c
-
SSDEEP
12288:qywrbUis/IC45cG5kA9/u53O6BQImrKKVYLxj8IPNVHqDU+HXMW99PUsDSdqK0ex:pisIPN+aW3FQ4sW8wNcU+8vJsX
Static task
static1
Behavioral task
behavioral1
Sample
Yeni siparis listesi13042023.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Yeni siparis listesi13042023.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6120421924:AAHfDg3lTzDUW4O1CSc9eyT6zf8UpaOZqyY/
Targets
-
-
Target
Yeni siparis listesi13042023.exe
-
Size
804KB
-
MD5
3e6b260fdedc8b1e355dbe207e877339
-
SHA1
cfa9fa23b7af8283cd4c6fc38cb886b9d0d391ed
-
SHA256
1c86b0e202a10381d1c05101386cf2903d501b444d73184e9a38f02f1248fcb1
-
SHA512
3ced366b356c8da4cb3abfb9f6f0d1946484fd359bd19580984cff083fc728e4d2df1d1bb3d4d76fd0f5c5a198e3ababde8dc19b1f3311147ab44a88ed01a11c
-
SSDEEP
12288:qywrbUis/IC45cG5kA9/u53O6BQImrKKVYLxj8IPNVHqDU+HXMW99PUsDSdqK0ex:pisIPN+aW3FQ4sW8wNcU+8vJsX
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-