General
Target: 2fad9d22d71aa2c94ee5b6ef0287440e.bin
Size: 610KB
Sample: 230512-bplsasbb82
MD5: da475740a2b6b228238b72d6b40341a5
SHA1: 71bcffb40bd50dddfff35690fe11152fcf182e32
SHA256: e6fc48f226544e7d5b7fc19a7fe236624f3a0670fa4a42f73e9fc2d0d2b2cf1b
SHA512: 39f2b53a3d11c68cf48b3e3658be38612e1d777f851c8b09b23309eb10a8ed56a868120474de1e66dbdb387780d6adb0ed4a0eec2e64957bc676ec60f2fc5792
SSDEEP: 12288:88bRVLeIrKhQdsOlsi15URMMm/HSvqt1Z7iMEBQZRPZtwvE:8YRVLeIrwQdsJi1KRE/Ay1NiMkQSE
Static task: static1
Behavioral task: behavioral1
  Sample: 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot6277498666:AAH4URlmeSysUKKZG20OTvrve55BRMLEu_o/
Targets
Target: 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067.exe
Size: 696KB
MD5: 2fad9d22d71aa2c94ee5b6ef0287440e
SHA1: 80331853c5503522e775aa7ef10317a14595158d
SHA256: 5c55eec6f12aa60ac02540ebb2af7b7780d148d76a07ad27bfad0d4f3bc1a067
SHA512: a7ecba4cab6e47483d55141e7fc2e138915a4425fa86fb15a5034d530ff2a53e1f3785a38c99dfd62b3ead850ab25ff82d5e0699925d26ddfb0b124d191109b6
SSDEEP: 12288:XFmDIzln4wgNAqcDZ2ITVh4LhIMA4PDT3XWGl3VlVT6QdtaTlW:1mDId4wqANDI8S3f3BBVRtaT
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext