General
Target: c7bc4f44e279307955bc109deac55204.bin
Size: 533KB
Sample: 230505-x9a27ahe98
MD5: 8bd6c821a4bb219d48619697d27c8f86
SHA1: dd56312abe633eb3a71c06fb3e730e7a6fbf052c
SHA256: 819416c754bbaedea5b79af75d1cc4722e5b1ce1457584a7a39eb38d0d955f95
SHA512: 629296d3cd8f91b43f0062c020b5c46b356961cce53f1d59d628c196af5ab3dda032039da72fd497ab73f60121283605e7d8a13ec7c28ebef8f45c095efa2015
SSDEEP: 12288:XFBMaPyP9wYFf1x0Ld/yk32DeFT6bztJFCxrBwstQLrg:1+aA9FmLAPG6H2wsP
Static task: static1
Behavioral task: behavioral1
  Sample: c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: us2.smtp.mailhostbox.com
Port: 587
Username: [email protected]
Password: JUGCRsm9
Email To: [email protected]
Targets
Target: c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2.exe
Size: 656KB
MD5: c7bc4f44e279307955bc109deac55204
SHA1: 462ba319aef5f2077d86282bbde6b8d71afe72ca
SHA256: c6e74929d1f5df0946833f77f1074f8a8518a642067b129dae1ad261ded796f2
SHA512: 6e4477af961e05923b7580a36aa2998d6c705e4431fc7c90701de33d50f040d94ec056826e5248a0d2895dde618f25dabdfb95c5f623ef5aca87bc824a081270
SSDEEP: 12288:DQdi+j8KQq/flRRoF/H1JrgKY1kdrdJwAYaTpel9tGQOFaV:QRj8ytoF/VeSLJw+TpertGQOFaV
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Detects Redline Stealer samples: This rule detects the presence of Redline Stealer samples based on their unique strings.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext