General
Target: SWIFT COPY MT103.pdf.exe
Size: 585KB
Sample: 230817-gn7ahaff83
MD5: ecfa344adc08c80b1717abc337753e9b
SHA1: 51ace356a871e5831eab17758ff982130f542ed1
SHA256: 0246246b1452e63b1eea7a93f73e9edfde5e1b4c41d32d44ea100aa0ba7d4b3b
SHA512: 14754c4e73c523cf011018f8ea0010219540df69821b96c19bded399d2fcdff5afcfe303c220a77b2ecd64ab203f8eeb63e18ba7d180f8f6488943364a63c0e5
SSDEEP: 12288:C7EYqCDl+CDfeY7oiNG3bHfiBmg54cZMl3OXIcDpAafwYaeMZ0U:43v7oi83bHfag3O4e2afwYFy0U
Static task: static1
Behavioral task: behavioral1 (sample: SWIFT COPY MT103.pdf.exe; resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: SWIFT COPY MT103.pdf.exe; resource: win10v2004-20230703-en)
Malware Config
Extracted: agenttesla
https://api.telegram.org/bot5752794370:AAGHbBIUSUvwQW5dpdi3bNZyPbHwpEPD5r0/
Targets
Target: SWIFT COPY MT103.pdf.exe (same sample as above)
Score: 10/10
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext