General
Target: Payment Advise.exe
Size: 707KB
Sample: 230505-x2rpzabb2t
MD5: 0d4fe0932e4c31aaa2b69a5584d70ff1
SHA1: c8ea2e87dc00ecda352c77a09e860fc642d07b3f
SHA256: 860da509a25f16cda9a80a5063d4b23bc6a702406fe3c94d69bfc10790219b4e
SHA512: 8f17170346f64f1c669858d5255a38e695954dd157e3d6967d02e9a72020f4a71818a8b4944f87fdc43e1ad9d5bdd212e2d930682314573eb154afa431697dae
SSDEEP: 12288:31tKIXOx6IGBJgB4rJjQ9oP3WWzJO1riZ6oCkOMBx6IXhUYUHhXKK:lgI46hBJTuGmWY1C63kOMBx6GhUF
Static task: static1
Behavioral task: behavioral1 (Sample: Payment Advise.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Payment Advise.exe; Resource: win10v2004-20230220-en)
Malware Config
Extracted (agenttesla)
Protocol: smtp
Host: smtp.marintravellft.com
Port: 587
Username: [email protected]
Password: k*IQlsZ7
Email To: [email protected]
Extracted
Protocol: smtp
Host: smtp.marintravellft.com
Port: 587
Username: [email protected]
Password: k*IQlsZ7
Targets
Target: Payment Advise.exe
Size: 707KB
MD5: 0d4fe0932e4c31aaa2b69a5584d70ff1
SHA1: c8ea2e87dc00ecda352c77a09e860fc642d07b3f
SHA256: 860da509a25f16cda9a80a5063d4b23bc6a702406fe3c94d69bfc10790219b4e
SHA512: 8f17170346f64f1c669858d5255a38e695954dd157e3d6967d02e9a72020f4a71818a8b4944f87fdc43e1ad9d5bdd212e2d930682314573eb154afa431697dae
SSDEEP: 12288:31tKIXOx6IGBJgB4rJjQ9oP3WWzJO1riZ6oCkOMBx6IXhUYUHhXKK:lgI46hBJTuGmWY1C63kOMBx6GhUF
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext