General
Target: PURCHASE ORDER.pdf.rar
Size: 567KB
Sample: 230717-h1cgbsaf39
MD5: 03b52383fdbc16cce0d0321df47f8cb8
SHA1: 5fa1735dcdb616d3f0c7adec5c6d69e12e300492
SHA256: 5be83ffe52e6517112f47fbda458f69711f7817f64520810b4254f467b0b6fcd
SHA512: bd24634470f6e1c03a98bea2cfe5d319ae7d2700a3396ad4f7da3646852d430a7490a6f6fffff9c75603c997ce0aa667dd0c0833b803c6fbc8ea47b3af757747
SSDEEP: 12288:syLztH25YdfxOcWGjUk0ZvGwU4M6iSgfEhUmmVdwtDwJam9h:syLRW5Yt4cWMwli3fSUmxtD8f
Static task: static1

Behavioral task: behavioral1
  Sample: PURCHASE ORDER.pdf.exe
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: PURCHASE ORDER.pdf.exe
  Resource: win10v2004-20230703-en
Malware Config
Extracted: agenttesla
Protocol: smtp
Host: mail.expertsconsultgh.co
Port: 587
Username: [email protected]
Password: Oppong.2012
Email To: [email protected]
Targets
Target: PURCHASE ORDER.pdf.exe
Size: 609KB
MD5: cc1654f37d3a19d363abae9afd112788
SHA1: 1906b798cb71daffe4aa209383467b5dd6f19678
SHA256: ec57c2de3349840ec8ac00000c964ba5c68cda5b954f6ea4ca3ced7098257286
SHA512: 5d0a27f73ebd2e3ec0fe120ee2a5e842fa9d73e3a64f003bfb670262e24f46386fd571576da1e0e5aaeca2d1d6bafd7104ea0d3ba6e4c1eab3cf806847689b3a
SSDEEP: 12288:czP5fztK7xB73farrIiPBMFCQ4INiqI/V:e5fRKdBbCr0iAJNDa
Signatures
AgentTesla
  Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext