General
- Target: AWB 5331810761.exe
- Size: 650KB
- Sample: 230711-l641bagb97
- MD5: 5a449aac29f1543a3fe7d0e481d9c5f9
- SHA1: 8d8b50dc365132b5f2e99e3f67b25bb74e82bf37
- SHA256: 2d1a013b096ee6e0e8917809ba4c7d8f25cd7808a00e59cdb145b1f489ba546a
- SHA512: 58cbdca0fe74580d9b1ac39398d2ee4a4650877213343a81e5e2e91475bdcfe5cc9195c607d04f7f2c11ae79f9b8376849f03f1d9eae70abd9f863deae0dcb25
- SSDEEP: 12288:jN1ugO6Hmq31GTy4+z2zTs6naU49oAtxMvr+eKFZSPR:asD3EWzgra5txs+pzK
Static task: static1
Behavioral task: behavioral1
- Sample: AWB 5331810761.exe
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: AWB 5331810761.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
- https://api.telegram.org/bot6212701050:AAErVFpJnLIOy-vtdkkH8KxPMtjZB1gt9Ak/
Targets
Target: AWB 5331810761.exe (size and hashes as listed under General above)
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext