General
- Target: SecuriteInfo.com.Win32.PWSX-gen.7804.9016.exe.bin
- Size: 550KB
- Sample: 230501-yxxabsgd94
- MD5: 2818671e46042173af35e5f009284931
- SHA1: d9d410407b5e4e9735bc5d599d46adddc66648ba
- SHA256: 6ff86780faf33da714a11fec5aa9c9eb1cff9d4ca221303e2cc3dd1847526926
- SHA512: 223dbcff3ae2557f8342a7bcde75b20b5affd855394afe348a9378a39520a987dd0d3bc3bfbb61490b827c55f2f9742f1ea288b0e1d7085fe769cc4f981ce8ab
- SSDEEP: 12288:doUakIXr5INZIgcSc43xNeaSyGJ8ZiVJhdD9TwH+ccUKcvb8oW/7:doU+iZE43xNo8ZITUPq
Static task
- static1

Behavioral task
- behavioral1
- Sample: SecuriteInfo.com.Win32.PWSX-gen.7804.9016.exe
- Resource: win7-20230220-en

Behavioral task
- behavioral2
- Sample: SecuriteInfo.com.Win32.PWSX-gen.7804.9016.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.mercamaq.com.br
- Port: 587
- Username: [email protected]
- Password: !#Merc354
- Email To: [email protected]
Targets
- Target: SecuriteInfo.com.Win32.PWSX-gen.7804.9016.exe.bin (550KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detects RedLine Stealer samples: This rule detects the presence of RedLine Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext