General
- Target: RFQ-HL51L05.exe
- Size: 686KB
- Sample: 230714-hhhwdsce25
- MD5: 25688584dc0ea562d4f863b6ebe76be6
- SHA1: 7766639a7022c683481f7b57ed9521190ebc8a9f
- SHA256: 33aceb5e578d09db43e7252164f9e231e9a54bf56635b959bc0ffd77b3a31c8b
- SHA512: cf40646abedc811199ee91f31756b4ea3a2a1273a5bbecdd795cb0ff48c7c6561437df666d4711e2eea966d2ee207dabbf3332295f58e3944be8c97e486d0de4
- SSDEEP: 12288:XS8R10p46GP++o2cyeQ9u5/XeyWrhIkd8tzuhaXhbwzDDpnP:XSU12fjzy5w/XeyObsuh26pP
Static task
- static1

Behavioral task
- behavioral1
- Sample: RFQ-HL51L05.exe
- Resource: win7-20230712-en

Behavioral task
- behavioral2
- Sample: RFQ-HL51L05.exe
- Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
- Protocol: smtp
- Host: mail.elec-qatar.com
- Port: 587
- Username: [email protected]
- Password: MHabrar2019@#
- Email To: [email protected]
Targets
- Target: RFQ-HL51L05.exe (686KB; same MD5, SHA1, SHA256, SHA512 and SSDEEP values as listed under General)
Signatures
- AgentTesla: Agent Tesla is a remote access tool (RAT) written in Visual Basic.
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Accesses Microsoft Outlook profiles
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext