Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Quotationr00.r00
-
Size
502KB
-
Sample
230704-xxymqagc79
-
MD5
b7ce6e26c0eb722140a81c68b4da7e26
-
SHA1
6c6177218433279d4d34fb5a8149ccb9eb2eb653
-
SHA256
ec97365b20eff61a64e5b9a02e53f1849345612012cfa652030c58c945a8089c
-
SHA512
4d21b17263722247c9270fb35ef31cf47912fb22a6a9df12573cec78d3f58ed4e1861ec8213a77b85b9ac6fafc369d7398cc6f57fd7b181c1904a7ceb7781739
-
SSDEEP
12288:21eQFaMwn8sWGj8vV16mHlyn9fj2krrG7:KM8sWQuqmHUB9G7
Static task
static1
Behavioral task
behavioral1
Sample
Quotation.exe
Resource
win7-20230703-en
Behavioral task
behavioral2
Sample
Quotation.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
sh003.webhostbox.net - Port:
587 - Username:
[email protected] - Password:
bl e ss ing 2 0 2 3 - Email To:
[email protected]
Targets
-
-
Target
Quotation.exe
-
Size
831KB
-
MD5
0b01741f707a7204f673814ed3257bd0
-
SHA1
e3a26c4e967ea85eeb07bede52ad99d07b1f5258
-
SHA256
e3a4d27630c1d1f5f57a8d490047380ffd6f813b6ffa9eb554632ac915a61447
-
SHA512
be5c717978de2422c6b227fca411a3da058429546502f1911cc2a85c11d2b4b0ea858e8d0f3ca5bc1d3c5a6da3378190e2e676157299777e0edb01c297ed428a
-
SSDEEP
12288:cfGb3nsa9x1LsqbkGweSJ3hs0bUZEZ1BthUhCmdjRlilfa6PkQ4:UGwJ3hfbUyt0lOc77
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-