General
Target: 1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
Size: 252KB
Sample: 230502-phpghaba57
MD5: 8bbab7418675d72363d03ae209dad5cb
SHA1: 09b417d68a4dc7bc8463740f89f14e7dc0c76c43
SHA256: b6f696764f50b5fddc8204a9b35053da3a097dc54cf8e740635e042bbee0419c
SHA512: 6a5073a5beaa0f64876bb4f0f2de1a81a09d3b73114673866f817fe2b29a100fa72f58dfcc3f67339b8b1e503a99c9789c37e0800c88cf75c01f380270acfb0f
SSDEEP: 3072:DefNOSBdA1t90TAaZWm3mG9KRrpU2uTBhlVqUjfwye+POmW++no//M:ZSqzWV2J22WBjVRzNDOTN
Behavioral task behavioral1
Sample: 1808-74-0x0000000000400000-0x000000000043F000-memory.exe
Resource: win7-20230220-en
Behavioral task behavioral2
Sample: 1808-74-0x0000000000400000-0x000000000043F000-memory.exe
Resource: win10v2004-20230221-en
Malware Config
Targets
Target: 1808-74-0x0000000000400000-0x000000000043F000-memory.dmp
Size: 252KB
MD5: 8bbab7418675d72363d03ae209dad5cb
SHA1: 09b417d68a4dc7bc8463740f89f14e7dc0c76c43
SHA256: b6f696764f50b5fddc8204a9b35053da3a097dc54cf8e740635e042bbee0419c
SHA512: 6a5073a5beaa0f64876bb4f0f2de1a81a09d3b73114673866f817fe2b29a100fa72f58dfcc3f67339b8b1e503a99c9789c37e0800c88cf75c01f380270acfb0f
SSDEEP: 3072:DefNOSBdA1t90TAaZWm3mG9KRrpU2uTBhlVqUjfwye+POmW++no//M:ZSqzWV2J22WBjVRzNDOTN
- AgentTesla: Agent Tesla is a .NET-based remote access tool (RAT) and information stealer, written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP address.
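Each of the signatures above is individually unremarkable (reading a locale key, reading Outlook's profile store, calling a public IP-echo service) and only becomes meaningful in combination, which is why a sandbox reports them as separate hits. The following added example, which is not tria.ge's detection code, shows the kind of matching logic that turns raw sandbox events into three of those signatures. The event dictionary shape, the list of IP-lookup hosts and the sample events are all constructed for this example. The registry paths are the real Windows locations: `HKCU\Control Panel\International\Geo\Nation` holds the configured country (GeoID), and Outlook keeps profiles under `Software\Microsoft\Office\<ver>\Outlook\Profiles` (Outlook 2013 and later) or `Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles` (older releases).

```python
import re
from urllib.parse import urlparse

# Added example (not part of the tria.ge report): classify constructed sandbox
# events (registry reads, outbound HTTP) into the behaviour signatures listed
# in the report. The event schema below is an assumption for this example.

# Location check: the user's configured country/region code lives here.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(?:\\Nation)?$", re.I)

# Outlook profile stores: Office\<ver>\Outlook\Profiles (2013+) or the older
# Windows Messaging Subsystem\Profiles hive.
OUTLOOK_PROFILE_RE = re.compile(
    r"\\Software\\Microsoft\\(?:Office\\\d+\.\d+\\Outlook\\Profiles|"
    r"Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles)(?:\\|$)",
    re.I,
)

# Public services that echo the caller's address. All legitimate; the list is
# illustrative, a real detector would carry a larger, maintained one.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ifconfig.me", "ip-api.com",
}

SIG_GEO = "Checks computer location settings"
SIG_OUTLOOK = "Accesses Microsoft Outlook profiles"
SIG_EXT_IP = "Looks up external IP address via web service"


def classify_event(ev):
    """Return the signature name a single event triggers, or None."""
    kind = ev.get("kind")
    if kind == "registry_read":
        path = ev.get("key", "")
        if GEO_KEY_RE.search(path):
            return SIG_GEO
        if OUTLOOK_PROFILE_RE.search(path):
            return SIG_OUTLOOK
    elif kind == "http_request":
        host = (urlparse(ev.get("url", "")).hostname or "").lower()
        if host in IP_LOOKUP_HOSTS:
            return SIG_EXT_IP
    return None


def signatures(events):
    """Map each triggered signature to the set of PIDs that triggered it."""
    hits = {}
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits.setdefault(sig, set()).add(ev.get("pid"))
    return hits


# Constructed event stream resembling what a sandbox records for PID 1808;
# the Run-key read and the microsoft.com request are benign noise.
SAMPLE_EVENTS = [
    {"pid": 1808, "kind": "registry_read",
     "key": r"\REGISTRY\USER\S-1-5-21-1\Control Panel\International\Geo\Nation"},
    {"pid": 1808, "kind": "registry_read",
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"pid": 1808, "kind": "registry_read",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"pid": 1808, "kind": "http_request", "url": "http://checkip.dyndns.org/"},
    {"pid": 1808, "kind": "http_request", "url": "https://api.ipify.org/"},
    {"pid": 4212, "kind": "http_request", "url": "https://www.microsoft.com/"},
]

if __name__ == "__main__":
    for sig, pids in signatures(SAMPLE_EVENTS).items():
        print(f"{sig}: pids {sorted(pids)}")
```

Anchoring the registry matches on the path suffix rather than the hive prefix matters in practice: sandbox traces usually record kernel-style `\REGISTRY\USER\<SID>\...` paths, while hand-written rules tend to assume `HKCU\...`, and a prefix-anchored rule silently misses the former.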