Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
AWB-18052023_1.7z
-
Size
254KB
-
Sample
230519-pv75dagf7z
-
MD5
60186bdd7343d1ec3f36fbb79e605edb
-
SHA1
8a6ad3145b5f411a7d0b37aa227ec4f3da28bee9
-
SHA256
e968bd84f2b72b1d238b1eb28cc1cbc8eeb24d1db7acee8e8ca433ab5b28b106
-
SHA512
20748f441adcce1781d281461e9a25fb2c36e8ae3168ccfecee0f3c11e531af316a83f72f11bc6a48ebc8b4d3f7842d04731aab0dac8cdd80c10f0b8184fb4aa
-
SSDEEP
6144:fpzgOqMCUvbsQvpMymkq7XmHlPfSjWlz/RbwE0h1ECn:RgNMzfOymzmHZailRny
Static task
static1
Behavioral task
behavioral1
Sample
AWB-18052023.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
AWB-18052023.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.cynthiacostamilan.com.br - Port:
587 - Username:
[email protected] - Password:
Qwertyuiop123!@# - Email To:
[email protected]
Targets
-
-
Target
AWB-18052023.exe
-
Size
298KB
-
MD5
b8b4d97f8f291a30d44ba156a4d4cbd1
-
SHA1
2f545aad0c50c37754d9716bee7b9a37d5289910
-
SHA256
2e5e690fe5a9607c51574cd1e8444591a9dd524fafc78911ff9f09ee5242bff1
-
SHA512
7a8f9a452824555833158769c6a5247ca174679bdc8a527d3535b3fdd0fc05d1ead8097cb006c6a25dfce6493950798624ec81893122687ac5c1c9ea70fa387a
-
SSDEEP
6144:6UFxbIBMP6HyvbefvpM9mkT7XmHlPF/6IC17Cjj1VA:VbgIuO9mQmHZFSRC
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-