Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Invoice No.23DF-46775.exe
-
Size
903KB
-
Sample
230508-qxtkfacf6v
-
MD5
8b97b1a70e233a34a42dc72971545f07
-
SHA1
17cdf8a99b83975664698b963c568ec299a6251c
-
SHA256
a3928afcfa8b3e1825c9796ea9099e59e1e7ae2306fbfcc20dc3aae7c6065121
-
SHA512
f025a66ae932bd4976a63f3319a438454bececb26f09c78a7d77000c056f7d483b2d58050ad0fb44f0c4824080b4cb3ba8c3d03699dbd398e243dcc4187187ab
-
SSDEEP
6144:yGJK4njQgky2InEoRhUaN9B6YjrlfplKGjXWnl/bQmkLKS0fCvYafA3Zrkkn/LqY:S4nJCnGLS2nQaINkULq7nO/Ga9H
Static task
static1
Behavioral task
behavioral1
Sample
Invoice No.23DF-46775.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
Invoice No.23DF-46775.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.gmail.com - Port:
587 - Username:
[email protected] - Password:
iebtzpacgzyullvo - Email To:
[email protected]
Targets
-
-
Target
Invoice No.23DF-46775.exe
-
Size
903KB
-
MD5
8b97b1a70e233a34a42dc72971545f07
-
SHA1
17cdf8a99b83975664698b963c568ec299a6251c
-
SHA256
a3928afcfa8b3e1825c9796ea9099e59e1e7ae2306fbfcc20dc3aae7c6065121
-
SHA512
f025a66ae932bd4976a63f3319a438454bececb26f09c78a7d77000c056f7d483b2d58050ad0fb44f0c4824080b4cb3ba8c3d03699dbd398e243dcc4187187ab
-
SSDEEP
6144:yGJK4njQgky2InEoRhUaN9B6YjrlfplKGjXWnl/bQmkLKS0fCvYafA3Zrkkn/LqY:S4nJCnGLS2nQaINkULq7nO/Ga9H
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-