General
Target: Proforma Invoice.7z
Size: 1.1MB
Sample: 230630-fx3s1ahb21
MD5: cf32f3762a1d04e82d111fa81aeca038
SHA1: 6269964e02648baac95f26a8deb6d44b829e799f
SHA256: 019c57e34c7c90f5c3e02d3ffb68fee20b4ffe36e318f532e877c09d55aac959
SHA512: 7f1f8797b14a62af3e26372b7c96fe4b3958480030053b44b170fa734460b1e595ed9c76f2c4e47fc76b534554a9bedd69662442dde7b252567a130165e81319
SSDEEP: 24576:Lw6w3duXTTrTH7+shDC4DgPzdMD2yjyncecaV1plNZBJ0z3:Lz2ATTrz7+YlE+j8ceca/NZBJ07
Static task: static1
Behavioral task: behavioral1
Sample: Proforma Invoice.exe
Resource: win7-20230621-en
Behavioral task: behavioral2
Sample: Proforma Invoice.exe
Resource: win10v2004-20230621-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.steamd.in
Port: 587
Username: [email protected]
Password: Purchase321@#
Email To: [email protected]
Targets
Target: Proforma Invoice.exe
Size: 1.3MB
MD5: 0dcce5c54658fc8e2282b8f737e93be5
SHA1: 622ed85d5cba99ac24d691b98b71ab7080074161
SHA256: eb2e0bf52e69c88784e19aef53a2c0330d3151ce8d448c5c45de44f3fc965aa0
SHA512: 18307f094d771b865853a821bdb2f1dd885366208e44789787746e0a0b172e61597cb00b60c5e591a8c86aef17cf5241994659c1e92e6d9dc8c8354a876cd05f
SSDEEP: 24576:uVp0K8s6owsmKZw2XXPUOgnwy45hbCbsfeHzYTuxa1y+ceBwDdplNMn0:uVp0K8s6owzInPUOgwy4fVWa1jceBw9D
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext