General
- Target: c885f9ee8ec4d3b7e91959611a7fce1e.bin
- Size: 289KB
- Sample: 230617-b5wx7shg45
- MD5: 1664f74574bb51152f2d49923026792c
- SHA1: 689e615b66cfe31428338ba455146350300da0c8
- SHA256: a4e11e3962f352ddd5a24f8117cf1c287107ec97989f5cdd86a3838971fb327c
- SHA512: 6d1df5c25e3eb7edf71c5ff396f3c0654a345c0b6169cef916c5da559faea7df48ed9cd895a63fe1f77e5be3c0c9fa53842813cebee8b06a22882e2744d5da4a
- SSDEEP: 6144:tIbeiSic5dTQS68/A5UTG50JPWy3/0wKdmZ7mtEYBHLezpy:3X7TQSyEnbKdmluvBrezc
Static task: static1
Behavioral task: behavioral1
- Sample: 0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c.exe
- Resource: win10v2004-20230220-en
Malware Config
Targets
- Target: 0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c.exe
- Size: 330KB
- MD5: c885f9ee8ec4d3b7e91959611a7fce1e
- SHA1: d3db0fd2da8935d8e73bebf35e9f5e247a7cb1da
- SHA256: 0f9d70ee323db5f11fa245c6f6f0c3d485fca200e9dbb819e95cc5597e542b3c
- SHA512: 7506f321d88ff385e444c49126847ecf12a357c2eab642f0048d40023d878206894b3c34be1952ef719d668b4113b5b2d6227dd0a13e6609ad876cf1b80dea99
- SSDEEP: 6144:wYa6KK5E7iEZfPfEAsocHa8jKY8ERL7JASTG4thjjEO7zs4kXv:wYIoE2TCbh8ZAgfpjEOs5f
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext