General
- Target: 5c08164a01b5a7f45e341d643e9cfc47.bin
- Size: 500KB
- Sample: 230523-brp8hadc77
- MD5: 2d8f77ee5a029e2c6100ad0af792f7a6
- SHA1: bf2acf332b5fcc34daee8ea65b7c01152cf289ba
- SHA256: f3553c602336267db7fb39f0bc73accb9ded80a022f00d183b1d99d9e00bcce1
- SHA512: 2dd9bf69f1896013ae2afeaae873e91230b6536ad1473830f532c48506051e160756069bbe1853321943c6d161b0bca0662d065db85913869cb54b8e18ca7c7d
- SSDEEP: 12288:+uVnUTZNpirGq30FDoBngOcn+xhvCGFgueQpwtqstGpOuoV:+uBUT/Eb30FD0ngp+XqGjp4LuoV
Static task: static1
Behavioral task: behavioral1
- Sample: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot2134979594:AAFk4QkrlHlt2a-q-EhIoHZBbzxSH0QxiBI/
Targets
- Target: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a.exe
- Size: 861KB
- MD5: b23048bb519459d777ae29307d0f6d78
- SHA1: cf7e4c2a83d7b7c31462ebc62a65dcfc310ac7d0
- SHA256: b63331b6052cd2cdecf84fd9a481bc30a5c8404d09a5694700a6b79f5d76514a
- SHA512: 3f37f77ccf19bfba6cfccafbdd5f7c0d455fde354c395c3e392bdefd72bbe0a1cb9ea8b00f585a2810e35bbea5168b4c846abc357f548e7e49477a3bfecfd023
- SSDEEP: 12288:qYsOGRSljSNcQROzin29dM7RXYszkocbZ6:d/r8B4jV
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext