General
- Target: Dueinvoiceexeexeexeexeexe.exe
- Size: 590KB
- Sample: 230709-nf3exade7v
- MD5: cfadfb5515950bb1142145daee782701
- SHA1: 90d71c10593ee4b7a53c8ee0e412ceb606564c91
- SHA256: e759e4e0ba6d3e577ba3dc31a6ff4af77779a92afef0a7dd1814d23b7fe3ed03
- SHA512: 410c01b287384c0ef569871e2f50c869836607002f1a676f88b8dd93caadadb0ae7a1509e5ecca06ab1c49cc04f0834722488d13dd6068f405760e0a658cf44b
- SSDEEP: 12288:Agjjk9TCxo/5VimB/iyb5yXRbT2ToYNWYX0XtkB+5tXO7ZAJoY:Agjjk9TFVibyb52R8oYNWYEk05Y9AJoY
Static task: static1
Behavioral task: behavioral1
- Sample: Dueinvoiceexeexeexeexeexe.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: Dueinvoiceexeexeexeexeexe.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.icmpp.ro
- Port: 587
- Username: [email protected]
- Password: puCHImic2019
- Email To: [email protected]
Targets
- Target: Dueinvoiceexeexeexeexeexe.exe
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Adds Run key to start application
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext