Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
Target: asklamaya.exe
Size: 293KB
Sample: 230713-qnc64agh35
MD5: 6cc93c3cbc8578aa9e7a69b527521577
SHA1: 6f578200f0f4ee228f08bd7197dfc6ec9035e608
SHA256: 6702fd8cc69861fd00ceba3d93fd0108be39694f0af90577e99e3e04f0c2ce83
SHA512: 396cb20c6badad5f6343deb5cc2192cc663e8f166cf2c5a4b39a56037b700889cda7cc419781cf7f6f58c55e5983e81b0498c74abc55afea2b6f8464a7f9b144
SSDEEP: 6144:vYa6XerF2JOK15cSag0dwXhmmunvWkZ5PECg1U4L/q/hpBV:vYleRM1SSb0mw+O58Cg1p/qV

Static task
static1

Behavioral task
behavioral1
Sample: asklamaya.exe
Resource: win7-20230712-en

Behavioral task
behavioral2
Sample: asklamaya.exe
Resource: win10v2004-20230703-en
Malware Config

Targets
Target: asklamaya.exe
Size: 293KB
(MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

AgentTesla
Agent Tesla is a .NET remote access tool (RAT) and information stealer written in Visual Basic .NET.

Loads dropped DLL

Accesses Microsoft Outlook profiles
Reads the registry locations where Outlook stores mail account settings, the usual source of saved mailbox credentials for stealers.

Adds Run key to start application
Persists by writing a CurrentVersion\Run registry value so the payload is launched at each logon.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Setting another thread's context is the classic final step of process hollowing: a process is started suspended, its image is replaced with injected code, and the main thread's entry point is redirected before it is resumed.
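The three host-observable behaviours in the signature list above (Run-key persistence, Outlook profile access, external-IP lookup) can be turned into simple correlation rules over endpoint telemetry. The following is an added example and not part of the Triage report or of any Triage tooling: the event records are constructed to resemble Sysmon-style registry and DNS events, the field names (event, image, target, query) are this example's own assumptions, the file path for asklamaya.exe is invented, and the list of IP-echo services is an assumption because the report does not name the service the sample contacted. SetThreadContext is not covered here because it needs API-level tracing rather than registry/DNS logs.

```python
"""Correlation rules for the Agent Tesla behaviours flagged in the report above.

Added example, not part of the Triage report.  Event records are constructed to
resemble Sysmon-style telemetry; the schema (event, image, target, query) is an
assumption made for this example only.
"""
import re
from collections import defaultdict

# Run / RunOnce autostart values under HKLM or HKCU (HKU\<sid> in Sysmon logs).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)

# Outlook keeps per-account settings (including saved credentials) under these
# two profile locations; stealers read them to harvest mailbox logins.
OUTLOOK_PROFILES = re.compile(
    r"\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles\\"
    r"|\\Windows Messaging Subsystem\\Profiles\\", re.I)

# Assumption: a short list of public IP-echo services.  The report only says
# "a legitimate IP lookup service" and does not name the one contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}

MALWARE = r"C:\Users\victim\AppData\Roaming\asklamaya.exe"   # constructed path

# Constructed sample events: three from the (hypothetical) sample process and
# two benign ones that should produce at most a low-priority single hit.
SAMPLE_EVENTS = [
    {"event": "registry_set", "image": MALWARE,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\asklamaya",
     "details": MALWARE},
    {"event": "registry_read", "image": MALWARE,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Office\16.0\Outlook\Profiles"
               r"\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002"},
    {"event": "dns_query", "image": MALWARE, "query": "api.ipify.org"},
    {"event": "registry_set", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r"%windir%\system32\SecurityHealthSystray.exe"},
    {"event": "dns_query", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "query": "www.mozilla.org"},
]


def match_rules(event):
    """Return the names of every rule a single event satisfies."""
    hits = []
    target = event.get("target", "")
    if event["event"] == "registry_set" and RUN_KEY.search(target):
        hits.append("run_key_persistence")
    if event["event"] in ("registry_read", "registry_set") and OUTLOOK_PROFILES.search(target):
        hits.append("outlook_profile_access")
    if event["event"] == "dns_query" and event.get("query", "").lower() in IP_LOOKUP_HOSTS:
        hits.append("external_ip_lookup")
    return hits


def scan(events):
    """Group rule hits by process image and escalate images hitting >= 2 rules.

    A lone Run-key write is routine (installers, Windows components), so only
    the combination of behaviours is escalated; single hits are still returned
    so an analyst can review them.
    """
    hits_by_image = defaultdict(set)
    for ev in events:
        for rule in match_rules(ev):
            hits_by_image[ev["image"]].add(rule)
    escalated = {img for img, rules in hits_by_image.items() if len(rules) >= 2}
    return {img: sorted(rules) for img, rules in hits_by_image.items()}, escalated


if __name__ == "__main__":
    hits, escalated = scan(SAMPLE_EVENTS)
    for image, rules in hits.items():
        flag = "ESCALATE" if image in escalated else "info"
        print(f"{flag:8} {image}: {', '.join(rules)}")
```

Run against the constructed events, only the asklamaya.exe image trips all three rules and is escalated; svchost.exe produces a single informational Run-key hit and firefox.exe none. On real telemetry the same structure applies: feed Sysmon EventID 12/13 (registry) and 22 (DNS) records mapped to the assumed fields.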