General
Target: Order # CCI-1260584.exe
Size: 724KB
Sample: 230607-lfbwvahd65
MD5: 89b3a3650105f363fa99624f7c122b7e
SHA1: 896232e9d46e96fb725027380cc56cc73ae3ace9
SHA256: 816dcc8bb5070ed2db687bdb064a383c946c8183f5e0c089f2453653be8a3086
SHA512: a3a07c7679dc90b78d4a963fb750e2e72003ab119ff774a99db47483bbfcda1b53cdd9b205da0b6feac29503828b7b1dda3c28e9fbfdc451327ffbc8faa5ff4c
SSDEEP: 12288:60+J/M+Jhewx/NscEQ+vgXK1HsaP2XigKw/HDrnTfehVwWRkAUqT6c2sKoRjpt6s:M/thewlqB6p8W/jjTf6V/Ul9sK0t6LoJ
Static task: static1
Behavioral task: behavioral1
  Sample: Order # CCI-1260584.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: Order # CCI-1260584.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
  Protocol: smtp
  Host: smtp.gmail.com
  Port: 587
  Username: [email protected]
  Password: iebtzpacgzyullvo
  Email To: [email protected]
Targets
Target: Order # CCI-1260584.exe
Size: 724KB
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext