Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
sydney.exe
-
Size
632KB
-
Sample
230414-wemxtsce21
-
MD5
22f586f44c42f4391e56f4fa69a4a15f
-
SHA1
e65b058c4e70cd00d589182aa3000f13985bd647
-
SHA256
466fdb188d0606dc985d5fd8ff6510566d55741ed4874872a04473135ec2f9ce
-
SHA512
e65ac28edd7dbadf65117c98ba342fabd4d005a34f807162181baabd9f0bb884c47be922853acf4fa514a1ba34bb192e8cd80548ad831561a44f9e326450ae92
-
SSDEEP
12288:u52iNXuldrjZekhfaYZbgP2d0aahqEYfVNO/:c1FulhZeUf97pahUVN
Static task
static1
Behavioral task
behavioral1
Sample
sydney.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
sydney.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sh003.webhostbox.net - Port:
587 - Username:
[email protected] - Password:
olu chu kwu 554 - Email To:
[email protected]
Targets
-
-
Target
sydney.exe
-
Size
632KB
-
MD5
22f586f44c42f4391e56f4fa69a4a15f
-
SHA1
e65b058c4e70cd00d589182aa3000f13985bd647
-
SHA256
466fdb188d0606dc985d5fd8ff6510566d55741ed4874872a04473135ec2f9ce
-
SHA512
e65ac28edd7dbadf65117c98ba342fabd4d005a34f807162181baabd9f0bb884c47be922853acf4fa514a1ba34bb192e8cd80548ad831561a44f9e326450ae92
-
SSDEEP
12288:u52iNXuldrjZekhfaYZbgP2d0aahqEYfVNO/:c1FulhZeUf97pahUVN
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-