General
Target: 3bdc4fb579dbfd37752bafc023e9eaaf2788ad91afe542f8d86e097e5ca62176
Size: 825KB
Sample: 230606-dmtfgabg98
MD5: 9c57399b4a6adb4b7b8edf354e7f2c0d
SHA1: 430652c21c0f8fe6989428cfffaff2754c5b5ff8
SHA256: 3bdc4fb579dbfd37752bafc023e9eaaf2788ad91afe542f8d86e097e5ca62176
SHA512: 945cdad48fd3af5cfa9612b6afa991080b60ff5862735253095613e343db88dd429ef011acde3b5381a18ff2f0d6343135bdb79165f087a047910dbfad6be61e
SSDEEP: 24576:4/thewlqB6pAKbSVEGlC49haxZGT88vpBQ:4e2q8pNbX25Ign
Static task: static1
Behavioral task: behavioral1
Sample: 3bdc4fb579dbfd37752bafc023e9eaaf2788ad91afe542f8d86e097e5ca62176.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: smtp.gmail.com
Port: 587
Username: [email protected]
Password: kjbcvllgudkhmgln
Email To: [email protected]
Targets
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.

Accesses Microsoft Outlook profiles

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext