General
- Target: TT PAYMENT.exe
- Size: 1.1MB
- Sample: 230630-qk46each97
- MD5: 120ebce72710d7ff3d5b004b28f8cdb3
- SHA1: 1b4b48d514cd6ddce5fb5960191909019e86c79f
- SHA256: 17b85440e830fbef06c68240cf0024dad39a394409980195c360c0084c4be907
- SHA512: 41ec5d6abf80c7c7a73c6342ff04bbc55ceb96d5cd5826c110c9a724a46cf9514c5da2a148fdf5e1342303b7c9a6aebe0a4ded364964fd2dc0d49f366fbd2b14
- SSDEEP: 12288:XjUPKl/CRhFk76tVXQeOiZ8KrkrU5ZowzT8Ga5iCOpSfRE1FTW+Yf/eKq/Crecgx:XjUS5GIKVX0SDkwsN645CFO+fCSD9mO
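Before working with a downloaded copy of this sample, confirm it is the same file the report describes. The following is an added example, not tria.ge code: it recomputes the four exact digests listed above and compares them with the reported values. The sample path is an assumption; SSDEEP is left out because it needs the third-party `ssdeep` module and is a fuzzy score rather than an exact match.

```python
"""Verify a local copy of the sample against the digests in the report above.

Added example, not tria.ge code. REPORTED holds the report's values; the
file path in __main__ is an assumption.
"""
import hashlib

REPORTED = {
    "md5": "120ebce72710d7ff3d5b004b28f8cdb3",
    "sha1": "1b4b48d514cd6ddce5fb5960191909019e86c79f",
    "sha256": "17b85440e830fbef06c68240cf0024dad39a394409980195c360c0084c4be907",
    "sha512": "41ec5d6abf80c7c7a73c6342ff04bbc55ceb96d5cd5826c110c9a724a46cf9514c5da2a148fdf5e1342303b7c9a6aebe0a4ded364964fd2dc0d49f366fbd2b14",
}


def digests(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 of the bytes in a single pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(data: bytes, expected: dict) -> dict:
    """Return {algorithm: bool} for every digest in `expected` (case-insensitive)."""
    actual = digests(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def verify_file(path: str, expected: dict = REPORTED) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    with open(path, "rb") as f:
        data = f.read()  # 1.1MB fits in memory; use h.update() chunks for large files
    result = compare(data, expected)
    for name, ok in result.items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
    return all(result.values())


if __name__ == "__main__":
    verify_file("TT PAYMENT.exe")  # assumed to sit in the working directory
```

A partial match (say, MD5 agrees but SHA256 does not) should be treated as a different file, not as a near miss; the exact digests are the only reliable identity check here.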
Static task
- static1
Behavioral task
- behavioral1: TT PAYMENT.exe, resource win7-20230621-en
Behavioral task
- behavioral2: TT PAYMENT.exe, resource win10v2004-20230621-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
The extracted SMTP account is the exfiltration drop: stolen data is mailed from the Username account to the Email To address through the listed host. Treat the host, port and account as indicators, but note that the mail domain may be a legitimate server whose account was compromised rather than infrastructure the operator owns.
Targets
- Target: TT PAYMENT.exe
- Size: 1.1MB
- MD5: 120ebce72710d7ff3d5b004b28f8cdb3
- SHA1: 1b4b48d514cd6ddce5fb5960191909019e86c79f
- SHA256: 17b85440e830fbef06c68240cf0024dad39a394409980195c360c0084c4be907
- SHA512: 41ec5d6abf80c7c7a73c6342ff04bbc55ceb96d5cd5826c110c9a724a46cf9514c5da2a148fdf5e1342303b7c9a6aebe0a4ded364964fd2dc0d49f366fbd2b14
- SSDEEP: 12288:XjUPKl/CRhFk76tVXQeOiZ8KrkrU5ZowzT8Ga5iCOpSfRE1FTW+Yf/eKq/Crecgx:XjUS5GIKVX0SDkwsN645CFO+fCSD9mO
Signatures
- AgentTesla
  Agent Tesla is a remote access tool (RAT) and credential stealer written in .NET (VB.NET/C#), not classic Visual Basic.
- Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence so the sample can refuse to run in particular locales.
- Accesses Microsoft Outlook profiles
  Reads Outlook profile data from the registry, where stored mail-account credentials live; consistent with the credential theft this family is known for.
- Adds Run key to start application
  Persistence through a value under the CurrentVersion\Run key so the sample is relaunched at logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, which the stealer typically includes in its exfiltrated report.
- Suspicious use of SetThreadContext
  SetThreadContext on another process's thread is the usual final step of process hollowing: a legitimate process is started suspended, its image replaced, and its entry point redirected before the thread is resumed.
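The extracted config and the signature list together describe a chain that endpoint telemetry can catch: Run-key persistence, an external IP lookup, and SMTP from a process that is not a mail client, with the config's mail host as a hard indicator. The following is an added example, not tria.ge code, that correlates constructed Sysmon-shaped events per process and scores them. The IP-lookup hostnames are an assumption (the report says a lookup happened but does not name the service); the exfil host comes from the extracted config; the event dicts are a simplified version of Sysmon Event IDs 3 (network connection), 13 (registry value set) and 22 (DNS query).

```python
"""Correlate endpoint telemetry to flag the behaviours listed in the report.

Added example, not tria.ge code. SAMPLE_EVENTS is constructed telemetry;
IP_LOOKUP_HOSTS is an assumption; KNOWN_EXFIL_HOSTS is from the config.
"""
from collections import defaultdict

IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ip-api.com"}  # assumed
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}  # processes expected to speak SMTP
SMTP_PORTS = {25, 465, 587}
KNOWN_EXFIL_HOSTS = {"mail.elec-qatar.com"}  # host from the extracted config
RUN_KEY = "\\currentversion\\run\\"

# Constructed telemetry: the sample (pid 4120), a real mail client (pid 888),
# and an installer (pid 2200) that persists and checks its IP but never mails.
SAMPLE_EVENTS = [
    {"event_id": 13, "pid": 4120, "image": "C:\\Users\\u\\Desktop\\TT PAYMENT.exe",
     "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\TT PAYMENT"},
    {"event_id": 22, "pid": 4120, "image": "C:\\Users\\u\\Desktop\\TT PAYMENT.exe",
     "query": "api.ipify.org"},
    {"event_id": 3, "pid": 4120, "image": "C:\\Users\\u\\Desktop\\TT PAYMENT.exe",
     "dst_host": "mail.elec-qatar.com", "dst_port": 587},
    {"event_id": 3, "pid": 888, "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE",
     "dst_host": "mail.corp.example", "dst_port": 587},
    {"event_id": 13, "pid": 2200, "image": "C:\\Temp\\updater.exe",
     "target": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"},
    {"event_id": 22, "pid": 2200, "image": "C:\\Temp\\updater.exe", "query": "api.ipify.org"},
]


def analyse(events, threshold=3):
    """Score each (pid, image) and return findings at or above `threshold`, highest first."""
    procs = defaultdict(lambda: {"run_key": False, "ip_lookup": False, "smtp": set(), "c2": set()})
    for ev in events:
        p = procs[(ev["pid"], ev["image"])]
        if ev["event_id"] == 13 and RUN_KEY in ev["target"].lower():
            p["run_key"] = True
        elif ev["event_id"] == 22:
            q = ev["query"].lower()
            if q in IP_LOOKUP_HOSTS:
                p["ip_lookup"] = True
            if q in KNOWN_EXFIL_HOSTS:
                p["c2"].add(q)
        elif ev["event_id"] == 3 and ev["dst_port"] in SMTP_PORTS:
            host = ev["dst_host"].lower()
            p["smtp"].add((host, ev["dst_port"]))
            if host in KNOWN_EXFIL_HOSTS:
                p["c2"].add(host)

    findings = []
    for (pid, image), p in procs.items():
        exe = image.rsplit("\\", 1)[-1].lower()
        score, why = 0, []
        if p["c2"]:  # hard IOC: the config's SMTP server
            score += 3
            why.append("contacts known exfil host " + ",".join(sorted(p["c2"])))
        if p["smtp"] and exe not in MAIL_CLIENTS:  # behaviour: SMTP from a non-mail-client
            score += 2
            why.append("non-mail-client SMTP to " + ",".join(f"{h}:{prt}" for h, prt in sorted(p["smtp"])))
        if p["ip_lookup"]:
            score += 1
            why.append("external IP lookup")
        if p["run_key"]:
            score += 1
            why.append("Run-key persistence")
        if score >= threshold:
            findings.append({"pid": pid, "image": image, "score": score, "reasons": why})
    return sorted(findings, key=lambda f: -f["score"])


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"pid {f['pid']} {f['image']} score={f['score']}: " + "; ".join(f["reasons"]))
```

The weighting is deliberate: the known mail host alone is enough to alert, SMTP from something that is not a mail client is strong on its own, and persistence or an IP lookup only add confidence, so the installer that does both of the latter but never sends mail stays below the default threshold. The Outlook-profile access and SetThreadContext signatures are not visible in this event set; catching those needs API-level telemetry (an EDR hook or ETW provider), not Sysmon alone.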