General
Target: Product samples - new order.exe
Size: 579KB
Sample: 230503-bdsfpseh9s
MD5: bf3bd006f835d90c757ff98930fcb18e
SHA1: eb32977c884c2de3435218f365c19159a1886d1f
SHA256: b6f722fd8ecb1b6116c8755a385ade64a3155792bf053bfa9d477b4a94eb6132
SHA512: a0b4a79b54e4b5dde9d5514ab1a67b6d07f212ce8288c1e831d067656dd3740f5520a96938f110007eeb66bbd890880e9748ac42c3d807de61d50aceae396749
SSDEEP: 12288:1SD3FsdOkvY0NOUMqPoos6h/e4z6sfoxWyv2:i3FshQ0NpQJu/T6sgWX
Static task: static1
Behavioral task: behavioral1
  Sample: Product samples - new order.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Product samples - new order.exe
  Resource: win10v2004-20230221-en
Malware Config
Extracted family: agenttesla
Extracted URL: https://api.telegram.org/bot6245703396:AAHg_TQ1WtLp1lxzk_kMvpbNJkMGbBCOayI/
Targets
Target: Product samples - new order.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext