General
- Target: 5b3ac737f328169d7649cce8325e28e2.bin
- Size: 730KB
- Sample: 230520-bpwbqshe62
- MD5: f2dc5c88fbbd39061431626a598224f9
- SHA1: 118752225c64c619c364d272113d735f19b1a650
- SHA256: 119e0b0a9d5a8d92dde425a7968a573faf5406dd244de05f176860c0b87492b6
- SHA512: f92ccc97b447b40c04310c13b7e8c249b24a491c50a5b6d9f927901f30a475fd96c88f7f7ad9723b62d876fe6a392fd32731a3ebc908c3988c6339b566544424
- SSDEEP: 12288:oIAHqgn+Btqd9VrLobp/1bIGC5JkHHZHI5uW5lgUc7BvWwzGzKrcETOkPJiT7:oIAHYtq9V/oFBzC5JkHJDW5zcd6zELRy

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d.exe
  - Resource: win7-20230220-en

Behavioral task
- behavioral2
  - Sample: 21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d.exe
  - Resource: win10v2004-20230220-en

Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot6174413593:AAEFJFfmmgKHkg-43MZw2Pt5EAT6z2Bs9Ug/

Targets
- Target: 21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d.exe
- Size: 969KB
- MD5: 5b3ac737f328169d7649cce8325e28e2
- SHA1: 822909bee7ee451dd76dce5b77593a5b35153595
- SHA256: 21b178d2c4a37e242aba83fb691e598e442539566e5bfabc30f7501798684b4d
- SHA512: 30f215d2bf1050fb9c41e9fa61200c3f28942659aeef3df6e8a24798a4f34488af23ee3eae1907b9727da1835ba26f0e19fa80f97f4ba60ea4c563ffb35075ab
- SSDEEP: 24576:5Bfsl4bUSXJwta8ItxAQ47VrfxpJ/CxxLI/2:/fslCJO5TQq/lCxxLI+
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext