Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SOA.zip
-
Size
568KB
-
Sample
230605-tmekbahe57
-
MD5
f95bb735cd2eca12600e5028c4789431
-
SHA1
f8e7dbb3b5cf6305b70afadc21f4c0b05180387a
-
SHA256
253e013f09f3d37c211355f9ec3d86eec58f143e80b133835a8d679f46428702
-
SHA512
8b8f0c7da521b1970f648391262ecc364a34cf586be1ad99818d3e033d471c30fdbe0b4701785fa9544d4f34dc5c15a173357b93d13d8391af962ab684d827df
-
SSDEEP
12288:40HUKjwNFAlbB4hSDz7WMhbqsi6LNiCbWpo1bwIiFKXhTVhMeP:42UKjw4UhSDz7WMRdLNzv3vhhhMeP
Static task
static1
Behavioral task
behavioral1
Sample
SOA.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SOA.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
agenttesla
https://api.telegram.org/bot5814058627:AAFjPgERfyp3AZJXAfISMezajcw2VR_A_9U/
Targets
-
-
Target
SOA.exe
-
Size
608KB
-
MD5
9679de6d9acd068c7f902760f73fbd20
-
SHA1
1aef17bc39349726e31cdf77395b1b420c2417a4
-
SHA256
93b2e11e63c3e38bd7d2fc22514d2ae970e35ee23bd9fd829a75d25df3794dd8
-
SHA512
87ce2b5d5104f85dc28826de45111e56fe08113e49906a99ca97f8b67bb4119db347d03646d11ebdc6b5a5857c68fa0fb0fd3f5a7d3a78e9a4b4825295d22c25
-
SSDEEP
12288:92N8jiZ4zypIPvtPplTY6RhKuQAtb54gWMhSosI6LN4CHUTBiFRIIk1KxtTSPS:92N8jiZ4zypIPvJTDE6AgWMQ9LNC9iFs
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-