Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
swift-04172023.doc
-
Size
27KB
-
Sample
230420-ngklgshe42
-
MD5
1cf063099adda44ae796e1abbdc0c4b6
-
SHA1
8d5091defe3bf7431e357079da14640a237716ec
-
SHA256
c086a5bf6d7f4586a1c1f03d6228efafe36e769910c60e01aa9b4fb63ba3f588
-
SHA512
3e2f8cdfa529df7e7541dd11147ab9c78b9f05f0f5faa582ec9cc915c404e15151f27133af7785548638ff633c51a1bbc872be030bb8e3a152cf2323c593846a
-
SSDEEP
768:eFx0XaIsnPRIa4fwJMQF+by2nujzhfj5xzt+u:ef0Xvx3EMNXn6XJf
Static task
static1
Behavioral task
behavioral1
Sample
swift-04172023.rtf
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
swift-04172023.rtf
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: ftp- Host:
ftp://ftp.valvulasthermovalve.cl - Port:
21 - Username:
[email protected] - Password:
LILKOOLL14!!
Targets
-
-
Target
swift-04172023.doc
-
Size
27KB
-
MD5
1cf063099adda44ae796e1abbdc0c4b6
-
SHA1
8d5091defe3bf7431e357079da14640a237716ec
-
SHA256
c086a5bf6d7f4586a1c1f03d6228efafe36e769910c60e01aa9b4fb63ba3f588
-
SHA512
3e2f8cdfa529df7e7541dd11147ab9c78b9f05f0f5faa582ec9cc915c404e15151f27133af7785548638ff633c51a1bbc872be030bb8e3a152cf2323c593846a
-
SSDEEP
768:eFx0XaIsnPRIa4fwJMQF+by2nujzhfj5xzt+u:ef0Xvx3EMNXn6XJf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-