General
Target: ec5d71e7c6115d86ae29ce20489752e8.bin
Size: 647KB
Sample: 230519-cgtzdadd7t
MD5: 0bb9fb9809eee9d57e8ddea2cf19fc68
SHA1: 0735df2484eda0c6f2ade3b3c37f021014e52be0
SHA256: 73ec879f9161b45afd68037c1d9509e6eeaf8e285ec301dc80ad51117830500f
SHA512: df1cf5481515fbb5cbc1b6cc0e8834974a54a03445e337dfcd3787d6bb86434c5ccd8a5178d176ca3750690ff467232d84495a749ed45fde98dd85f3c893b93d
SSDEEP: 12288:1wlteL9KD4oL3wYJti8/sjbBTaeF+0EIKp5som6zqn+3KWfuy8A1:ateLgD4S9m0sjEeQnxGn+n58A1
Static task: static1
Behavioral task: behavioral1 (sample 0q7qlsLVl1SQrvh.exe, resource win7-20230220-en)
Behavioral task: behavioral2 (sample 0q7qlsLVl1SQrvh.exe, resource win10v2004-20230220-en)
Malware Config
Extracted family: agenttesla
Exfiltration endpoint (Telegram Bot API): https://api.telegram.org/bot6190932047:AAFAXC_q-J_1tPTmmiqndMdlZipgoGT2Ypo/
The path segment after "bot" is the bot's API token: the numeric prefix identifies the bot and the remainder is the secret that authenticates every Bot API call. Treat the whole URL as an indicator, and the numeric bot id as the stable part to pivot on, since the operator can rotate the secret.
Targets
Target: 0q7qlsLVl1SQrvh.exe
Size: 873KB
MD5: 61ca94837222b35a82863294601c3769
SHA1: 5a180a46e32bd2b932ba5e490d5c58b4190111d1
SHA256: 271d3e8dfec86cdeb02be2c1d29e4717dae69d8edfb088bdf67b3da85fbacf30
SHA512: 62d0fe18660e68b1e506e7bf3dcf412b6306d57cbd164f1b8211ff5d526738105bed297f7012379abb1183dc7c3bedcd7f6fa2864daeebf0a4f7bc6103198db7
SSDEEP: 24576:b1Bs0qZ491FSKmpt2Mk4OEXO6RTfn/uFfC:bDs0qZwoKm9kYHTfnWF6
Signatures
- AgentTesla
Agent Tesla is a .NET (Visual Basic .NET) remote access trojan and information stealer that harvests saved credentials from browsers and mail clients. The configuration extracted from this sample (see Malware Config) delivers stolen data through a Telegram bot rather than SMTP or FTP.
- Accesses Microsoft Outlook profiles
Reads Outlook profile data, where saved mail-account credentials are stored. This is part of Agent Tesla's credential harvesting, not a side effect of the user running Outlook.
- Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer typically includes in the exfiltrated report to identify the victim. The request itself is benign-looking, so it is only useful as a detection when correlated with the process that made it or with the exfiltration that follows.
- Suspicious use of SetThreadContext
SetThreadContext on a thread of another process is the characteristic final step of process hollowing (RunPE): the loader starts a process suspended, writes the decoded payload into it, points the thread at the payload's entry point and resumes it, so the stealer runs under a legitimate-looking process name.
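The Telegram Bot API endpoint from the extracted configuration and the external-IP lookup behaviour are both visible on the wire, which makes them usable proxy-log detections. The following is an added example, not part of the tria.ge report or of Agent Tesla itself: it scans constructed proxy-log lines (the log format, host names and process names are assumed), recognises Telegram bot-token URLs, records the numeric bot id while redacting the secret, matches an assumed list of IP-lookup services (the report does not name the one this sample used), and raises an alert when one host performs the lookup and then calls the Bot API within a short window. The Telegram URL in the sample log is the one from the report with a sendDocument method appended, which is an assumption about the call the sample makes.

```python
import re
from typing import Dict, List, Optional

# Telegram Bot API URLs carry the bot credential in the path:
#   https://api.telegram.org/bot<numeric_id>:<35-char secret>/<method>
# The numeric id is safe to keep as an indicator; the secret is redacted.
TELEGRAM_BOT_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{35})"
    r"(?:/(?P<method>[A-Za-z]+))?"
)

# Assumed list of external-IP lookup services; the report only says a
# "legitimate IP lookup service" was used and does not name it.
IP_LOOKUP_HOSTS = {
    "checkip.dyndns.org",
    "api.ipify.org",
    "ip-api.com",
    "icanhazip.com",
    "ipinfo.io",
}

HOST_RE = re.compile(r"^https?://([^/\s:]+)")

# Constructed proxy log: "<epoch> <src_host> <process> <verb> <url>". Host and
# process names are invented; the Telegram URL is the report's, plus an assumed method.
SAMPLE_LOG = [
    "1684470000 ws-17 chrome.exe GET https://www.microsoft.com/en-us/",
    "1684470120 ws-17 0q7qlsLVl1SQrvh.exe GET http://checkip.dyndns.org/",
    "1684470130 ws-17 0q7qlsLVl1SQrvh.exe POST "
    "https://api.telegram.org/bot6190932047:AAFAXC_q-J_1tPTmmiqndMdlZipgoGT2Ypo/sendDocument",
    "1684470500 ws-22 updater.exe GET https://api.ipify.org/",
]


def classify_url(url: str) -> Optional[dict]:
    """Return a finding for a Telegram Bot API URL or an IP-lookup URL, else None."""
    m = TELEGRAM_BOT_RE.search(url)
    if m:
        return {
            "kind": "telegram_bot_api",
            "bot_id": m.group("bot_id"),
            "secret": m.group("secret")[:4] + "...",  # prefix only, enough to correlate
            "method": m.group("method") or "",
        }
    h = HOST_RE.match(url)
    if h and h.group(1).lower() in IP_LOOKUP_HOSTS:
        return {"kind": "external_ip_lookup", "host": h.group(1).lower()}
    return None


def scan_proxy_log(lines: List[str]) -> List[dict]:
    """Parse the constructed log format and keep only lines that classify as a finding."""
    findings = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: ignore rather than crash the scan
        ts, src, proc, verb, url = parts[:5]
        f = classify_url(url)
        if f:
            f.update({"ts": int(ts), "src": src, "process": proc, "verb": verb})
            findings.append(f)
    return findings


def correlate(findings: List[dict], window_s: int = 300) -> List[dict]:
    """Alert when one host does an external-IP lookup and then hits the Bot API
    within window_s seconds: the lookup-then-exfiltrate sequence of this sample."""
    by_src: Dict[str, List[dict]] = {}
    for f in sorted(findings, key=lambda f: f["ts"]):
        by_src.setdefault(f["src"], []).append(f)
    alerts = []
    for src, events in by_src.items():
        last_lookup = None
        for e in events:
            if e["kind"] == "external_ip_lookup":
                last_lookup = e
            elif (e["kind"] == "telegram_bot_api" and last_lookup
                  and e["ts"] - last_lookup["ts"] <= window_s):
                alerts.append({"src": src, "process": e["process"], "bot_id": e["bot_id"],
                               "lookup_host": last_lookup["host"], "method": e["method"]})
                last_lookup = None  # one alert per lookup/exfil pair
    return alerts


if __name__ == "__main__":
    for a in correlate(scan_proxy_log(SAMPLE_LOG)):
        print(a)
```

A lone IP-lookup request is too common to alert on by itself, and a Telegram Bot API call can be legitimate automation, so the correlation step is what turns the two weak signals into one that is worth a ticket; the numeric bot id it records is the value to search for across other hosts.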