General
- Target: 804152064.zip
- Size: 658KB
- Sample: 230609-j6pjhsbe98
- MD5: d2b476e328f06b3227e427b29acbd380
- SHA1: 119ce5dc688bd534d068051fe6441303451c1f29
- SHA256: 02c82d7b7be7553259a42370f46fb351f5c65fe771c1d6616fefa3f19fd542dc
- SHA512: e4bcea5a988ace4a0ac7a938ed4291fe6a7c0f74a3b0b4c94ee8a37cec362a4a6a04738d5c6e34749f3f57bbcebd7b5456c8a8846e446ec32a8cbab81d487a3e
- SSDEEP: 12288:wKYvfDBWFPutyu2CpA97e758QDA55tkTpR7b/iMIGJu3hEaEtPE0s0WsE+hu+:w5vfDBsGtp2D97eV8QDkGEmM0s0dESu+
Static task: static1
Behavioral task: behavioral1
- Sample: 804152064.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 804152064.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: smtp.gmail.com
- Port: 587
- Username: [email protected]
- Password: iebtzpacgzyullvo
- Email To: [email protected]
The credentials above belong to the attacker-controlled mailbox the stealer authenticates to, not to the victim: Agent Tesla's SMTP mode logs in to that account over the mail submission port (587, STARTTLS) and mails the collected data to the "Email To" address. Outbound TCP 587 to smtp.gmail.com from a process that is not a mail client is therefore the network indicator to hunt for.
Targets
- Target: 804152064.exe
- Size: 723KB
- MD5: 331bc06d67e4078e0779a9a0a5d355b5
- SHA1: 475924a69dee5e4a4ab1a66c944068fa2111db68
- SHA256: ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f
- SHA512: 8e30912ab46b825292955ad70f816a8a12171692272af563181630a4ec0e24de2dbb240c8cfbf666e6233fc9c58858d88de53164dde82a804066c842501c8fee
- SSDEEP: 12288:sk+J/M+Jhewx/NscEQ+vgXK1HsaPbntTjlFhush1nPTs8HlaxYvR1toDvll2Hvk/:sl/thewlqB6pGjlfusbrs8UYvREblivu
- AgentTesla
  Agent Tesla is a .NET remote access tool (RAT) and information stealer, historically written in Visual Basic .NET. This sample exfiltrates over SMTP, per the extracted configuration.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence so the payload can refuse to run in selected regions.
- Accesses Microsoft Outlook profiles
  Reads stored Outlook profile data, consistent with harvesting saved mail account credentials.
- Adds Run key to start application
  Writes a value under a CurrentVersion\Run key so the payload is relaunched at user logon (persistence).
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which is then reported alongside the stolen data.
- Suspicious use of SetThreadContext
  Rewriting another thread's context is a common step in process hollowing and similar injection, where a suspended process's entry point is redirected into injected code; it is an indicator, not proof, of injection.
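To turn the behaviours listed above into something an analyst can run against endpoint telemetry, here is an added example (not tria.ge's code): a small Python matcher that tags constructed, Sysmon-like events with the same signature names as this report (Run key persistence, registry location check, Outlook profile access, external IP lookup, SMTP from a non-mail client) and recognises the sample's own SHA256. The event field names, the registry paths used for the geofence and Outlook checks, the IP-lookup host list and the mail-client allowlist are assumptions for the illustration; only the SHA256 is taken from the report.

```python
"""Behaviour matching over constructed endpoint telemetry, keyed to the
signatures in the Agent Tesla report above. Added illustration, not
tria.ge code. The event dicts are constructed and only loosely modelled
on Sysmon event types (process create, registry set/read, network
connect); field names, registry paths and allowlists are assumptions."""
import re
from collections import defaultdict

# SHA256 of 804152064.exe, copied from the report above.
REPORT_SHA256 = {
    "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f",
}
# Registry paths: Run/RunOnce persistence, the user geo setting read for
# the location check, and Outlook profile storage (assumed paths).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
OUTLOOK_PROFILE_RE = re.compile(r"\\Office\\[\d.]+\\Outlook\\Profiles\\", re.I)
# Assumed list of legitimate IP-lookup services abused by stealers.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com"}
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = ("outlook.exe", "thunderbird.exe")  # assumed allowlist


def score_events(events):
    """Map pid -> set of behaviour tags mirroring the report's signatures."""
    tags = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "process_create" and ev.get("sha256", "").lower() in REPORT_SHA256:
            tags[pid].add("known_sample_hash")
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            tags[pid].add("run_key_persistence")
        elif kind == "registry_read":
            if GEO_KEY_RE.search(ev["key"]):
                tags[pid].add("location_check")
            if OUTLOOK_PROFILE_RE.search(ev["key"]):
                tags[pid].add("outlook_profile_access")
        elif kind == "network_connect":
            host = ev.get("dest_host", "").lower()
            image = ev.get("image", "").lower()
            # SMTP is normal for a mail client; from anything else it is
            # the exfil channel described in the extracted config.
            if ev["dest_port"] in SMTP_PORTS and not image.endswith(MAIL_CLIENTS):
                tags[pid].add("smtp_from_non_mail_client")
            if host in IP_LOOKUP_HOSTS:
                tags[pid].add("external_ip_lookup")
    return dict(tags)  # only pids that matched at least one behaviour


def verdict(pid_tags):
    """Known-bad hash wins; otherwise require persistence plus an exfil
    channel before calling the process Agent Tesla-like."""
    if "known_sample_hash" in pid_tags:
        return "known_agenttesla_sample"
    if "run_key_persistence" in pid_tags and "smtp_from_non_mail_client" in pid_tags:
        return "agenttesla_like"
    return "inconclusive" if pid_tags else "clean"


# Constructed telemetry: pid 4012 is the sample, pid 1880 is benign Outlook.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 4012, "image": r"C:\Users\victim\Desktop\804152064.exe",
     "sha256": "ad641230d3be8895193642d333ed88e1d6e94c209dfcb6c1932cd6a7f324a82f"},
    {"type": "registry_read", "pid": 4012, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_read", "pid": 4012,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"type": "registry_set", "pid": 4012,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"type": "network_connect", "pid": 4012, "image": r"C:\Users\victim\Desktop\804152064.exe",
     "dest_host": "api.ipify.org", "dest_port": 443},
    {"type": "network_connect", "pid": 4012, "image": r"C:\Users\victim\Desktop\804152064.exe",
     "dest_host": "smtp.gmail.com", "dest_port": 587},
    {"type": "process_create", "pid": 1880,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"},
    {"type": "registry_set", "pid": 1880,
     "key": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Preferences\Foo", "data": "1"},
    {"type": "network_connect", "pid": 1880,
     "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dest_host": "smtp.office365.com", "dest_port": 587},
]

if __name__ == "__main__":
    for pid, pid_tags in sorted(score_events(SAMPLE_EVENTS).items()):
        print(pid, verdict(pid_tags), sorted(pid_tags))
```

Run it as a script to see pid 4012 collect every behaviour tag while the Outlook process produces none; drop the process_create event for 4012 and the verdict falls back to the behavioural "agenttesla_like" call, which is what you rely on once the binary is repacked and the hash no longer matches.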