Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
overdue invoice pdf.exe
-
Size
847KB
-
Sample
230823-qfk7qsdh4y
-
MD5
a3976a8131593cd5f257e1609cba021c
-
SHA1
1e761268105bc1613d697d9941447c3241463029
-
SHA256
0f350d7a72e30d6fa7234e953e127b426ffabb6960446a90a53d6c0dd6392138
-
SHA512
d8b5c3b2d39b1fe89a5db1fc273527c163ebac5f2933799cc279b76def0eecd7e3047bb29b0b7c9feb6b6fe92ca8d302e52cd277da08f07f75f1676d0dac75eb
-
SSDEEP
12288:LUVv25w+n42d1mbTzFgaJmv3xnPBtDPLd4o8wTrQ2lIC6swoeXGkDkNMw+gtYaIS:LdcBmvxLLFHIvtXGkDkSwvYmZf
Static task
static1
Behavioral task
behavioral1
Sample
overdue invoice pdf.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
overdue invoice pdf.exe
Resource
win10v2004-20230703-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
mail.vpindustries.co.in - Port:
587 - Username:
[email protected] - Password:
saleS*9988 - Email To:
[email protected]
Targets
-
-
Target
overdue invoice pdf.exe
-
Size
847KB
-
MD5
a3976a8131593cd5f257e1609cba021c
-
SHA1
1e761268105bc1613d697d9941447c3241463029
-
SHA256
0f350d7a72e30d6fa7234e953e127b426ffabb6960446a90a53d6c0dd6392138
-
SHA512
d8b5c3b2d39b1fe89a5db1fc273527c163ebac5f2933799cc279b76def0eecd7e3047bb29b0b7c9feb6b6fe92ca8d302e52cd277da08f07f75f1676d0dac75eb
-
SSDEEP
12288:LUVv25w+n42d1mbTzFgaJmv3xnPBtDPLd4o8wTrQ2lIC6swoeXGkDkNMw+gtYaIS:LdcBmvxLLFHIvtXGkDkSwvYmZf
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-